IETF News

Words from the IAB Chair

During the IETF 91 meeting in Honolulu, the Internet Architecture Board (IAB) released a statement about Internet confidentiality; shortly after IETF 91, the IAB issued a statement about the NETmundial Initiative. After a list of highlights since IETF 90, this article repeats the previous two IAB statements without editorial comment.

By: Russ Housley

Date: March 6, 2015

line break image

Highlights since IETF 90

IAB Statement on Internet Confidentiality

In 1996, the IAB and Internet Engineering Steering Group recognized that the growth of the Internet depended on users having confidence that the network would protect their private information. RFC 1984 documented this need. Since that time, we have seen evidence that the capabilities and activities of attackers are greater and more pervasive than previously known. The IAB now believes it is important for protocol designers, developers, and operators to make encryption the norm for Internet traffic. Encryption should be authenticated where possible, but even protocols providing confidentiality without authentication are useful in the face of pervasive surveillance as described in RFC 7258.

Newly designed protocols should prefer encryption to cleartext operation. There may be exceptions to this default, but it is important to recognize that protocols do not operate in isolation. Information leaked by one protocol can be made part of a more substantial body of information by cross-correlation of traffic observation. There are protocols which may as a result require encryption on the Internet even when it would not be a requirement for that protocol operating in isolation.

We recommend that encryption be deployed throughout the protocol stack since there is not a single place within the stack where all kinds of communication can be protected.

The IAB urges protocol designers to design for confidential operation by default.  We strongly encourage developers to include encryption in their implementations and to make them encrypted by default. We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic.

We believe that each of these changes will help restore the trust users must have in the Internet. We acknowledge that this will take time and trouble, though we believe recent successes in content delivery networks, messaging, and Internet application deployments demonstrate the feasibility of this migration. We also acknowledge that many network operations activities today, from traffic management and intrusion detection to spam prevention and policy enforcement, assume access to cleartext payload. For many of these activities there are no solutions yet, but the IAB will work with those affected to foster development of new approaches for these activities which allow us to move to an Internet where traffic is confidential by default.

IAB Statement on the NETmundial Intiative

The IAB thinks it is valuable to develop tools to support communities that can share solutions, expertise, and research related to Internet Governance. We welcomed the initial NETmundial meeting as an additional way to foster the development of a broadly based community engaged in supporting the Internet’s distributed systems and methods. We believe that the recent NETmundial Initiative (https://www.netmundial.org/press-release-1) to develop a long-running dialogue on these topics, in the form of a web site and collection of materials, may be a valuable addition to the overall community efforts.

We are concerned, however, that the creation of a highly structured coordination council for the Initiative may impede the development of broad participation, and so may be premature. Because the coordination council members appear to be the responsible parties for the effort, the effort may not foster the sort of community engagement that we believe is fundamental to the Internet’s distributed nature and the NETmundial principles (https://www.netmundial.org/principles).

To make the Internet work, many people with unique perspectives of the Internet and from different communities must cooperate. We believe a broadly based dialogue among all these communities is necessary, and support any effort to enable this dialogue. The permissionless innovation given as the goal of this effort is better served by first enabling technical infrastructure to further that cooperation; that might require some lightweight administration driven by community consensus. No coordination council is needed now, and therefore the IAB will not participate in the council at this time.

No Comments to Show

Leave a Reply

Your email address will not be published. Required fields are marked *