By: Karen O’Donoghue
The IETF and the IAB have long been engaged in activities to rebuild user trust and strengthen the Internet in the face of pervasive monitoring and potential product vulnerabilities. The Managing Radio Networks in an Encrypted World (MaRNEW) workshop (https://www.iab.org/activities/workshops/marnew/) was the latest in a series of collaborative activities.
In November 2014, the Internet Architecture Board (IAB, www.iab.org) issued a Statement on Internet Confidentiality (https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/). This statement encouraged the widespread use of encryption to provide confidentiality and to improve the overall security of the Internet. One area of concern regarding this statement was the possible difficulty in the deployment of widespread encryption. Most of these concerns appeared to be overstated. The amount of deployed encryption appears to be rising steadily in most deployment scenarios. However, concerns remain in mobile environments. The MaRNEW workshop brought together the IETF and Groupe Speciale Mobile Association (GSMA) communities to discuss these challenges and to explore possible near-term and longer-term solutions.
Held in Atlanta, Georgia, 24–25 September 2015, the workshop was jointly sponsored by the IAB, the Internet Society (www.internetsociety.org ), AT&T (www.att.com ), and the GSMA (www.gsma.com ). Approximately 50 experts from around the world representing various constituencies, including browser vendors, content providers, content delivery networks, equipment vendors, and mobile operators, gathered to better understand the unique challenges presented by the mobile environment and to explore ways to address these challenges.
The workshop started with a couple of discussions to set the stage: an overview and process background from both the IETF and GSMA communities, followed by a session devoted to deployment considerations from IETF and GSMA perspectives. Next was a session on trust models and user choice that explored some of the perspectives and tradeoffs. The two sessions that followed explored sending data up and down for network management benefits. That was followed by sessions on application models, transport issues, and policy/regulation. The early sessions were challenging and all paths seemed to lead back to transport issues. However, by the end of the second day, several key themes emerged.
One primary observation was that the problem isn’t encryption itself, but rather current management and optimization techniques that don’t work well (or at all) in the presence of encryption. New or different ways to optimize the customer experience are needed. Topics like cooperative resource management and content delivery network (CDN) improvement were identified as key solutions. A possible new protocol for keyless SSL to make distributed CDN deployments easier was identified as near-term work.
There was also momentum gathering around the fact that the problem isn’t fully understood, and additional metrics and data that characterize how various optimization approaches work would be helpful. A framework for gathering and sharing operational data was discussed. The baseline against which new solutions would be measured is past resource management algorithms in an unencrypted world. There is a strong need for better testing and analysis tools.
Minutes from the workshop will be available on the MaRNEW workshop website in early November (https://www.iab.org/activities/workshops/marnew/). A draft report is planned by the end of the year; it will also be available on the MaRNEW website. A preliminary report from the workshop will be discussed at the Security Area Advisory Group (SAAG) meeting during the upcoming IETF 94 meeting in Yokohama.
While waiting for these more comprehensive reports and analyses, a couple of early summaries have been published. Natasha Rooney, a workshop cochair, provided a summary for the IETF chair blog athttp://www.ietf.org/blog/2015/09/impressions-from-the-marnew-workshop/. Also, Dirk Kutscher, one of the energetic participants, has posted his perspective on the workshop at http://dirk-kutscher.info/publications/managing-radio-networks-in-an-encrypted-world-2/.
The following pointers provide perspective from the GSMA and W3C:
- Network Management of Encrypted Traffic, GSMA, Feb 2015, http://www.gsma.com/newsroom/wp-content/uploads/WWG-04-v1-0.pdf.
- The W3C Tag Finding on “Securing the Web”, January 2015, https://w3ctag.github.io/web-https/.
All in all, it was an intense two days of discussion. By the end, there was general consensus on some near-term work items and an agreement that further discussion and analysis is required.