Skip to main content
  • Public side meetings at IETF meetings

    The feedback provided in post-meeting surveys frequently references the public side meetings that are held during or alongside IETF meetings. Some feedback is about how those meetings are run, while other feedback is about the level of IETF support for side meetings.

    • Lars EggertIETF Chair
    21 Jun 2021
  • QUIC working group looks to bring more security to Internet traffic

    Lucas Pardue serves as co-chair of the IETF QUIC Working Group, which focuses on a standards-track specification for a UDP-based, stream-multiplexing, encrypted transport protocol. The IETF blog recently asked Pardue about the QUIC standards project.

    • Grant GrossIETF Blog Reporter
    14 Jun 2021
  • Q&A with our new Director of Development

    Lee-Berkeley Shaw joins the IETF Administration LLC today as Director of Development. She will focus on designing and delivering the strategy to achieve the IETF’s goals for financial sustainability, with a focus on growing the IETF Endowment. We asked her questions about her plans for the IETF and her background.

    • Grant GrossIETF Blog Reporter
    7 Jun 2021
  • A new era in Internet transport

    The IETF’s Transport and Services (TSV) area is developing several potentially transformative technologies while it continues to maintain many of the foundational protocols of the Internet.

    • Martin DukeTransport Area Director
    • Zaheduzzaman SarkerTransport Area Director
    • Magnus Westerlund
    3 Jun 2021
  • Innovative New Technology for Sending Data Over the Internet Published as Open Standard

    Already broadly deployed and used, QUIC provides lower delay, improved security, and more robust delivery of data.

      3 Jun 2021

    Filter by topic and date

    Filter by topic and date

    Strengthening the Internet

    • Jari ArkkoIETF Chair
    • Stephen FarrellSecurity Area Director
    • Sean TurnerSecurity Area Director

    6 Nov 2013

    Reports about pervasive surveillance have been the big discussion topic in the Internet community in the last couple of months. Our commerce, business, and personal communications all depend on the Internet being secure and trusted, so the situation is disturbing.

    This week we are meeting at the IETF in Vancouver, British Columbia. Over 1200 engineers and specialists have gathered together from all over the world to work on improving various aspects of Internet technology. Surveillance has been a big discussion topic in our meeting as well. Of course, we care about the overall state of security in the Internet, and do not merely react to specific concerns. And technology is just one aspect of the recent concerns.

    Yet, the engineers are taking the security issues very seriously. Every session that we have been to during this week has gone through analysis and discussion of the state of security for their specific piece of the technology, with serious consideration for privacy. In many cases, privacy against pervasive monitoring was considered on an equal footing with other security issues for the first time.

    The first meeting that we attended on Monday morning (APPSAWG) went through application after application, considering how those applications make use of Transport Layer Security (TLS) and looking at possibilities to get the TLS-secured versions more widely and consistently deployed. We discussed plans for upgrading the handling of mail, instant messaging and voice-over-IP protocols, in each case with a view to improving the resistance of the deployed base to pervasive monitoring, and we look forward to real progress in offering guidance to those deploying all those applications.

    We also discussed the same topic within the transport stack in the multipathTCP working group where the use of opportunistic encryption was discussed. As that work matures, we might be able to expect to improve both efficiency (being able to use multiple paths) and security/privacy (in order to tie those paths together) at once, which could be a compelling prospect.

    Today we discussed improving security for web traffic. There are generally no easy solutions for Internet security improvements, but we were struck by how the HTTP working group clearly stated that doing nothing is not an option. We then proceeded to look at the various options for increasing the proportion of protected web traffic. Carefully. Considering that the Internet is not a new project but a live network with many existing components that have to continue to work. Trying to understand the impact of different options on web site adoption, the software that the engineers build for various products, and end-user experience. Being honest about the impacts and difficulties, such as user perception, the feasibility of different attacks, and the role of certification authorities, proxies, and other components.

    And this is what to us is best about the IETF community. We are faced with complex challenges, but when the right people are in the room, we can have a real and honest discussion about what is technically possible. Such discussion cannot be had without people who write the code for browsers, servers, proxies, and who understand the world of certification authorities and user experience, and those who have needs or concerns about the broader good that is the Internet. Some of you may have heard the term “multi-stakeholder” and thought about it as an abstract concept. But it is a very real concept, and one that we have to employ when developing any significant Internet technology.

    Tomorrow we will continue the discussion with Bruce Schneier and others on a plenary panel session, and an overall analysis session on pervasive monitoring. We will continue reporting as the week continues. And this is not new for the IETF – we have been working on the security of the Internet for a long time. The real mark of our effect will be the specifications that we produce and their adoption in real-world devices that make the Internet work. We have a meeting this week, but the challenge is a long-term one and needs a long-term and continuous response.


    Share this page