This is my second contribution to The IETF Journal as chair of the Internet Architecture Board (IAB). It comes at a very eventful time. The news about pervasive surveillance of the Internet by several collaborating governments dominated the discussion at IETF 88 in Vancouver, and it has dominated mail list discussion since the meeting.
By: Russ Housley
The Technical Plenary at IETF 88 was held in a very full room—I can’t recall a better-attended plenary session. Presentations focused on reports of large-scale Internet traffic monitoring, summary of previous policy debates in the IETF, and potential actions that could be taken by the IETF. We’re all aware that targeted interception takes place, but the scope and scale disclosed in recent news reports surprised the community. The threat is quite different than previously understood, and the community is considering a variety of responses.
From my position in the front of the room, it was clear that the community considers pervasive surveillance an attack, and the community will adjust its threat model to consider countermeasures to pervasive surveillance when developing future specifications and updating old ones. Many felt that specifications should include encryption—even without authentication—where practical.
The IAB, alongside the Internet Society, the Institute of Electrical and Electronics Engineers (IEEE), and the World Wide Web Consortium (W3C), affirmed the OpenStand principles for the development of global, open standards:
While the OpenStand principles cannot ensure that all participants are acting in good faith, following the principles is the best way we know to decrease the risk that any participant can inappropriately manipulate the standards development process. We believe organizations that operate according to the OpenStand principles create the most robust basis for trustworthy standards in all fields of technology, including security and privacy.1
A second statement has become known as the “Montevideo Statement.” The IAB chair and leaders of nine other Internet organizations signed a statement regarding the Internet Assigned Numbers Authority (IANA) that is consistent with RFC 6220 and previous IAB statements.2
Highlights since IETF 87
The IAB appointed Russ Mundy to the Internet Corporation for Assigned Names and Numbers (ICANN) NomCom for 2014. Many thanks to Ole Jacobsen for his contributions to the ICANN NomCom over the last two years.
The IAB published RFC 6950 on “Architectural Considerations on Application Features in the DNS.”3
The IAB sent comments4 to the US National Institute of Standards and Technology (NIST) supporting the reopening of the comment period on NIST SP 800-90A and recommending changes to the review process for cybersecurity and cryptographic standards to enhance transparency and openness.
Upcoming IAB Workshop
The IAB and W3C are hosting a workshop entitled, “Strengthening the Internet Against Pervasive Monitoring (STRINT)”5 on 28 February 2014. The workshop will take place in London with support from the European Union FP7 Strategic Research Roadmap for European Web Security (EU FP7 STREWS) programme.6 Participants are required to submit short position papers or Internet-Drafts.