Strengthening the Internet and encryption continue to be active areas for the IETF community. The news stories related to encryption just seem to keep coming. Now some governments are even considering requiring key escrow or banning encryption outright. The stakes continue to rise in this discussion. In this section of the Rough Guide, we will focus on CrypTech, the IAB Privacy and Security program, the Crypto Forum Research Group, and a few relevant IETF working groups meeting at IETF 93 in Prague next week.
First, CrypTech (website: https://cryptech.is; wiki: https://trac.cryptech.is/wiki; mailing list: https://wiki.cryptech.is/wiki/MailingLists) is a project to create an open hardware cryptographic engine developed in a transparent manner. While this project is technically outside the scope of the IETF, it was originally started with the support of IETF and IAB leadership. CrypTech is making excellent technical progress, but it needs to establish more robust and stable funding.
At IETF 93, there will be several opportunities to learn more about the CrypTech project and to get involved. First, there will be a hands-on workshop on Saturday, 18 July, to learn more about the current state of the project. A detailed agenda is available here: https://trac.cryptech.is/wiki/PrahaWorkshop. CrypTech will also be an agenda item in the saag and cfrg meetings mentioned below. This is an interesting project with great potential and many opportunities to participate and contribute.
Moving on, the Internet Architecture Board (IAB, www.iab.org), through its Privacy and Security Program (https://www.iab.org/activities/programs/privacy-and-security-program/), is continuing to work on the topic of confidentiality. A document on “Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement” (https://tools.ietf.org/html/draft-iab-privsec-confidentiality-threat-07) has been approved and is in the final steps of publication. The program is now working on a mitigations draft entitled “Confidentiality in the Face of Pervasive Surveillance” (https://tools.ietf.org/html/draft-iab-privsec-confidentiality-mitigations-02). Now is an excellent time to find some of the program participants and discuss this document with the authors.
While this is not an IETF 93 activity, the IAB is also working with the GSMA to plan a workshop on Managing Radio Networks in an Encrypted World (MaRNEW, https://www.iab.org/activities/workshops/marnew/). There is still time to put together position papers if you feel you have something to contribute in this space. The workshop is planned for 24-25 September in Atlanta, GA, and there should be interesting results to review in time for IETF 94.
Next, the Internet Research Task Force (IRTF) Crypto Forum Research Group (cfrg, https://irtf.org/cfrg) continues to focus on the use of cryptography in IETF protocols. It has been focusing extensively on the selection of new elliptic curves for use in IETF protocols, and rough consensus on this topic is documented in “Elliptic Curves for Security” (https://tools.ietf.org/html/draft-irtf-cfrg-curves-02). Hot topics at the meeting this week will include PAKE schemes, extended hash-based signatures, and elliptic curve signatures. Anyone interested in the future direction of cryptographic curves and algorithms would be well served to follow these discussions.
There are also a number of IETF working groups progressing efforts related to strengthening the Internet that will be meeting this week. In this post I will focus on tls and uta. Other working groups also working on strengthening the Internet are discussed in the “DNSSEC, DANE, DPRIVE, and DNS Security” and the soon-to-come “Trust, Identity, and Privacy” Rough Guide posts.
The Transport Layer Security (tls) working group is actively working on an update to the TLS protocol (https://tools.ietf.org/html/draft-ietf-tls-tls13-07). This is a very active working group with a mailing list that is not for the faint of heart. There will be two sessions and a total of 4.5 hours of meeting time devoted to progressing the agenda. Topics for IETF 93 include known configuration mechanisms, 0-RTT, PSK and resumption, client authentication, and cipher suites among others.
Since the last IETF meeting, the Using TLS in Applications (uta) working group has published two RFCs: RFC 7525, “Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)” (https://tools.ietf.org/html/rfc7525), and RFC 7590, “Use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP)” (https://tools.ietf.org/html/rfc7590). This meeting will focus on enhanced email privacy and TLS/DTLS security modules.
Finally, I’d like to give a quick plug for the Security Area Advisory Group (saag) session. This is an excellent way to get a quick view of some of the security-related conversations ongoing in the IETF. This week’s session will include CrypTech along with the state of transport security in email and HTTP. All in all, there is much to see and do in the world of Strengthening the Internet for IETF 93.
Related Meetings, Working Groups, and BoFs at IETF 93:
cfrg (Crypto Forum Research Group)
Wednesday, 22 July 2015, 1300-1530, Athens/Barcelona
tls (Transport Layer Security) WG
Tuesday, 21 July 2015, 1520-1720, Congress Hall III
Wednesday, 22 July 2015, 0900-1130, Grand Ballroom
uta (Using TLS in Applications) WG
Tuesday, 21 July 2015, 1740-1840, Congress Hall III
saag (Security Area Advisory Group)
Thursday, 23 July 2015, 1300-1500, Congress Hall II
There’s a lot going on in Prague, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf93.