Skip to main content
  • Time to update the Network Time Protocol

    The Network Time Protocol (NTP) is a foundational Internet standard that has provided clock synchronization between computer systems since the early 1980s. It was first standardized as RFC 958 in Sept 1984 with several revisions in the following years. Discussions have been ongoing in the NTP working group for a few years now about updating NTPv4 to NTPv5. This update is motivated by lessons learned, ongoing vulnerabilities, and emerging use cases.

    • Karen O'DonoghueNTP Working Group Chair
    • Dieter SieboldNTP Working Group Chair
    30 Sep 2022
  • Report from IAB workshop on Analyzing IETF Data (AID) 2021 published

    The Internet Architecture Board (IAB) has published the official report from the workshop on Analyzing IETF Data (AID) 2021.

      28 Sep 2022
    • Applied Networking Research Prize presentations at IETF 115

      The Internet Research Task Force (IRTF) open session at the IETF 115 meeting will feature presentations on research into domain hijacking, the IETF's organizational culture, and DDoS attack detection and mitigation.

        27 Sep 2022
      • Supporting diversity and inclusion at IETF meetings by providing childcare

        Thanks to the generous support of IETF Diversity & Inclusion sponsors, onsite childcare at an IETF meeting was provided for the first time ever during IETF 114. The successful experience and continued support of sponsors means it will again be offered at the IETF 115 meeting on 5-11 November 2022.

          14 Sep 2022
        • IETF Annual Report 2021

          The IETF Annual Report 2021 provides a summary of Internet Engineering Task Force (IETF), Internet Architecture Board (IAB), Internet Research Task Force (IRTF), and RFC Editor community activities from last year.

            9 Sep 2022

          Filter by topic and date

          Filter by topic and date

          Strengthening the Internet

          • Jari ArkkoIETF Chair
          • Stephen FarrellSecurity Area Director
          • Sean TurnerSecurity Area Director

          6 Nov 2013

          Reports about pervasive surveillance have been the big discussion topic in the Internet community in the last couple of months. Our commerce, business, and personal communications all depend on the Internet being secure and trusted, so the situation is disturbing.

          This week we are meeting at the IETF in Vancouver, British Columbia. Over 1200 engineers and specialists have gathered together from all over the world to work on improving various aspects of Internet technology. Surveillance has been a big discussion topic in our meeting as well. Of course, we care about the overall state of security in the Internet, and do not merely react to specific concerns. And technology is just one aspect of the recent concerns.

          Yet, the engineers are taking the security issues very seriously. Every session that we have been to during this week has gone through analysis and discussion of the state of security for their specific piece of the technology, with serious consideration for privacy. In many cases, privacy against pervasive monitoring was considered on an equal footing with other security issues for the first time.

          The first meeting that we attended on Monday morning (APPSAWG) went through application after application, considering how those applications make use of Transport Layer Security (TLS) and looking at possibilities to get the TLS-secured versions more widely and consistently deployed. We discussed plans for upgrading the handling of mail, instant messaging and voice-over-IP protocols, in each case with a view to improving the resistance of the deployed base to pervasive monitoring, and we look forward to real progress in offering guidance to those deploying all those applications.

          We also discussed the same topic within the transport stack in the multipathTCP working group where the use of opportunistic encryption was discussed. As that work matures, we might be able to expect to improve both efficiency (being able to use multiple paths) and security/privacy (in order to tie those paths together) at once, which could be a compelling prospect.

          Today we discussed improving security for web traffic. There are generally no easy solutions for Internet security improvements, but we were struck by how the HTTP working group clearly stated that doing nothing is not an option. We then proceeded to look at the various options for increasing the proportion of protected web traffic. Carefully. Considering that the Internet is not a new project but a live network with many existing components that have to continue to work. Trying to understand the impact of different options on web site adoption, the software that the engineers build for various products, and end-user experience. Being honest about the impacts and difficulties, such as user perception, the feasibility of different attacks, and the role of certification authorities, proxies, and other components.

          And this is what to us is best about the IETF community. We are faced with complex challenges, but when the right people are in the room, we can have a real and honest discussion about what is technically possible. Such discussion cannot be had without people who write the code for browsers, servers, proxies, and who understand the world of certification authorities and user experience, and those who have needs or concerns about the broader good that is the Internet. Some of you may have heard the term “multi-stakeholder” and thought about it as an abstract concept. But it is a very real concept, and one that we have to employ when developing any significant Internet technology.

          Tomorrow we will continue the discussion with Bruce Schneier and others on a plenary panel session, and an overall analysis session on pervasive monitoring. We will continue reporting as the week continues. And this is not new for the IETF – we have been working on the security of the Internet for a long time. The real mark of our effect will be the specifications that we produce and their adoption in real-world devices that make the Internet work. We have a meeting this week, but the challenge is a long-term one and needs a long-term and continuous response.


          Share this page