By: Jari Arkko
Date: March 1, 2014
The year 2013 was very active for the Internet Engineering Task Force (IETF). Much of what we worked on during the year is having a significant impact on the evolution of Internet technology, including surveillance revelations, the revision of hypertext transfer protocol (HTTP) and transport layer security (TLS), new browser-based voice over Internet protocol (VoIP) and video platforms, and software-defined networking. Our discussions also covered diversifying the IETF, the role of the Area Directors and the IESG, and participation in Internet governance discussions.
Pervasive monitoring was perhaps the biggest worldwide Internet topic this year. Our role at the IETF dictates that we not involve ourselves in the politics of such activities, but that we strive to understand what threats exist in the Internet. At our Vancouver meeting we addressed these issues as we would any other vulnerability or threat in the Internet—we considered them as threats to defend against.
While communications security alone is not a solution to pervasive monitoring, there are improvements in technology that could reduce opportunities for wholesale data collection. As part of the IETF’s ongoing commitment to confronting security vulnerabilities and improving the security of the Internet, we are actively working on some of these improvements (e.g., protocol updates, applications, better use of TLS) and have created the Using TLS for Applications (UTA) working group to drive this work.
As I speak with people around the world about this topic, it becomes clear how very highly appreciated our work on improving the security against pervasive monitoring is. Of course, a lot of hard work remains. We will continue to place our attention on this topic, in our working group lists, interim meetings, at the London IETF meeting, at the IAB workshop, and so on. (For more information on the IAB Workshop, see “Words from the IAB Chair” in this issue.)
TLS and HTTP protocols are cornerstones of the Web protocol stack, and their revisions (TLS 1.3 and HTTP 2.0) make them more secure and faster to use—important improvements in light of the pervasive monitoring discussion.
Outside of the security concerns, we have been working with the W3C, other developers, and the WebRTC on a plugin-free mechanism that allows browsers to make voice and video calls—this is an exciting and much needed functionality that’s drawn so much attention that some of the technical choices (e.g., video codec selection) have sparked intense debate.
Software-defined networking (SDN) and network virtualisation also have been hot topics in the industry. IETF efforts on these topics include the I2RS, SFC, FORCES, NVO3, and SPRING working groups and the SDN research group. Expect to see even more activity in this space in 2014.
Internet governance discussions in 2013 occurred in both existing and new forums and were largely fueled by surveillance discussions. This will continue in 2014. Our role at the IETF is to be a part of the growing Internet community who cares that the Internet can continue to be managed in appropriate ways, consistent with its long evolution.
We have often discussed the central role of the Internet Engineering Steering Group (IESG) in the IETF, but the problems in finding a candidate to fulfill the position of the transport area director (AD) last spring drove the point home. Our organisation is too centralised, which in turn puts a high load on the ADs and disempowers the working groups. To alleviate this issue, so far we’ve implemented early directorate reviews and invited document shepherds on IESG calls. I believe this isn’t nearly enough, but it’s a start. More effort in this direction will come.
None of the aforementioned accomplishments would be possible without a strong and growing organisation. To that end, we’re improving inclusiveness at all levels: in March 2013, we started a conversation around improving the diversity of IETF participants and leadership, and ensuring that all voices are heard. I’m proud of the programmes and initiatives that we have that make diverse participation easier: Internet Society policymaker and Fellow programmes, the mentoring programme, our antiharassment policy, the update of the IETF code of conduct, the decision to hold a meeting in South America, and so forth. The discussion itself is perhaps the most important result, as it will remind all of us how important this issue is and enable us to actively take these considerations into account. But rest assured, our work on this front to date is just the first step—it is part of the kind of long-term process that helped the IETF evolve into the respected international organisation it is.