Skip to main content
  • Extended Protocol Provisioning Tutorial from IETF 121

    The RESTful Provisioning Protocol (rpp) Birds of a Feather session during the IETF 121 meeting featured a review of the Extensible Provisioning Protocol (EPP) of interest to anyone looking to learn more about the Domain Name System (DNS).

    2 Dec 2024
  • IETF 121 post-meeting survey

    IETF 121 Dublin was held 2-8 November 2024 and the results of the post-meeting survey are now available on a web-based interactive dashboard.

    25 Nov 2024
  • The new GREEN working group gets ready for an energy efficient Internet

    The Getting Ready for Energy-Efficient Networking (GREEN) working group will explore use cases, derive requirements, and provide solutions to optimize energy efficiency across the Internet.

    29 Oct 2024
  • IETF Annual Report 2023

    The IETF Annual Report 2023 provides a summary of Internet Engineering Task Force (IETF), Internet Architecture Board (IAB), Internet Research Task Force (IRTF), and RFC Editor community activities from last year.

    25 Oct 2024
  • IETF 122 Bangkok registration open

    Registration is now available for the IETF 122 Bangkok meeting scheduled for 15-21 March 2025, which is the first time registration for an IETF meeting has been open before the preceding meeting registration has closed.

    25 Oct 2024

Filter by topic and date

Filter by topic and date

We Will Strengthen the Internet

8 Nov 2013

Wow. What a week!

Working with Internet technology often involves details deep inside the technology. But it seems that this week has been a perfect storm of highly visible and important technical developments: A major upgrade to HTTP, the basis of all web communications. Work on future transport protocols, including proposals to add security directly to TCP. Discussing the choice of technology for making video calls directly in Web browsers without plug-ins.

And, of course, mass Internet surveillance. This was clearly the discussion that has received most attention at the IETF-88 meeting. What can we do about improving the situation? And should we? As the end of the meeting draws closer, I wanted to summarise where we are and what we are going to do.

IETF Security Area Director Stephen Farrell said that pervasive surveillance represents an attack on the Internet. And the rest of us agree. Such pervasive surveillance requires the monitoring party to take actions that are indistinguishable from an attack on Internet communications. So we are willing to work to address it, just like any other threat. Many working groups that I went to were addressing this topic in one way or the another, reviewing application by application, doing careful work to understand what options we have to improve security, and weighing the various trade-offs in different designs. As Stephen says: “While there are challenges isolating the specific areas of attack that IETF protocols can mitigate, all of the working groups that considered the topic have started planning to address the threat using IETF tools that can mitigate aspects of the problem.” In many cases, privacy against pervasive monitoring was considered on an equal footing with other security issues for the first time.

What happens next? I want to be clear that this is a long-term effort. Not a reaction to specific revelations, but a wholesale upgrade to our view what the threats in the Internet are and how they need to be addressed. And the updates will be hard work.  And technology does not have solutions for all problems. But we will be working on general IETF-wide principles on how to address the new threats, thinking about the ways to use technologies such as TLS or opportunistic encryption. And, we will be working on the specific protocols and application areas (HTTP, XMPP, etc). Of course, all this work will be done in an open manner, with broad participation and review, which is the way we work at the IETF. I would like to invite everyone to join the effort!

I was also very glad to see a lot of attention in the press for our efforts, including beyond the technical media (e.g., Economist). This underscores the broad visibility of this issue, and the importance Internet users place on our efforts to address it. Not to mention social media. For the first time we have had more people watch our meeting remotely on YouTube than onsite. Countless tweets went out on the #IETF88 hashtag.

Finally, I would claim that if there is a one video about Internet security that you watch this year, I think it should be this one: the IETF-88 technical plenary video. Do share the video with your friends and colleagues!


Share this page