Skip to main content
  • Google and consortium of local organizations to host first Australian IETF meeting in over 20 years

    Google, auDA, and Internet Association Australia (IAA) provide key support for Brisbane meeting to be held 16-22 March 2024

      23 Feb 2024
    • JSONPath: from blog post to RFC in 17 years

      Today the JSONPath RFC (RFC 9535) proposed standard was published, precisely 17 years after Stefan Gössner wrote his influential blog post JSONPath – XPath for JSON that resulted in some 50 implementations in various languages.

      • Glyn NormingtonRFC 9535 Editor
      21 Feb 2024
    • Stepping towards a Sustainable Internet

      The IAB’s new Environmental Impacts of Internet Technology (E-Impact) program will hold its first virtual interim meeting over two slots on 15 and 16 February 2024. These interim meetings are open to participation, and we invite all interested community members to join, participate, and contribute.

      • Jari ArkkoE-Impact Program Lead
      • Suresh KrishnanE-Impact Program Lead
      7 Feb 2024
    • What’s the deal with Media Over QUIC?

      In 2022, the IETF formed a working group for Media Over QUIC (MoQ)—a media delivery solution that has the potential to transform how we send and receive media during live streaming, real-time collaboration, gaming, and more.

      • Brett BralleyThought Leadership Content Writer, Cisco
      25 Jan 2024
    • IETF Administration LLC 2024 Budget

      The IETF Administration LLC has finalised its budget for 2024.

      • Jay DaleyIETF Executive Director
      18 Jan 2024

    Filter by topic and date

    Filter by topic and date

    Strengthening the Internet

    • Jari ArkkoIETF Chair
    • Stephen FarrellSecurity Area Director
    • Sean TurnerSecurity Area Director

    6 Nov 2013

    Reports about pervasive surveillance have been the big discussion topic in the Internet community in the last couple of months. Our commerce, business, and personal communications all depend on the Internet being secure and trusted, so the situation is disturbing.

    This week we are meeting at the IETF in Vancouver, British Columbia. Over 1200 engineers and specialists have gathered together from all over the world to work on improving various aspects of Internet technology. Surveillance has been a big discussion topic in our meeting as well. Of course, we care about the overall state of security in the Internet, and do not merely react to specific concerns. And technology is just one aspect of the recent concerns.

    Yet, the engineers are taking the security issues very seriously. Every session that we have been to during this week has gone through analysis and discussion of the state of security for their specific piece of the technology, with serious consideration for privacy. In many cases, privacy against pervasive monitoring was considered on an equal footing with other security issues for the first time.

    The first meeting that we attended on Monday morning (APPSAWG) went through application after application, considering how those applications make use of Transport Layer Security (TLS) and looking at possibilities to get the TLS-secured versions more widely and consistently deployed. We discussed plans for upgrading the handling of mail, instant messaging and voice-over-IP protocols, in each case with a view to improving the resistance of the deployed base to pervasive monitoring, and we look forward to real progress in offering guidance to those deploying all those applications.

    We also discussed the same topic within the transport stack in the multipathTCP working group where the use of opportunistic encryption was discussed. As that work matures, we might be able to expect to improve both efficiency (being able to use multiple paths) and security/privacy (in order to tie those paths together) at once, which could be a compelling prospect.

    Today we discussed improving security for web traffic. There are generally no easy solutions for Internet security improvements, but we were struck by how the HTTP working group clearly stated that doing nothing is not an option. We then proceeded to look at the various options for increasing the proportion of protected web traffic. Carefully. Considering that the Internet is not a new project but a live network with many existing components that have to continue to work. Trying to understand the impact of different options on web site adoption, the software that the engineers build for various products, and end-user experience. Being honest about the impacts and difficulties, such as user perception, the feasibility of different attacks, and the role of certification authorities, proxies, and other components.

    And this is what to us is best about the IETF community. We are faced with complex challenges, but when the right people are in the room, we can have a real and honest discussion about what is technically possible. Such discussion cannot be had without people who write the code for browsers, servers, proxies, and who understand the world of certification authorities and user experience, and those who have needs or concerns about the broader good that is the Internet. Some of you may have heard the term “multi-stakeholder” and thought about it as an abstract concept. But it is a very real concept, and one that we have to employ when developing any significant Internet technology.

    Tomorrow we will continue the discussion with Bruce Schneier and others on a plenary panel session, and an overall analysis session on pervasive monitoring. We will continue reporting as the week continues. And this is not new for the IETF – we have been working on the security of the Internet for a long time. The real mark of our effect will be the specifications that we produce and their adoption in real-world devices that make the Internet work. We have a meeting this week, but the challenge is a long-term one and needs a long-term and continuous response.


    Share this page