The ongoing efforts of the Internet community to strengthen the Internet continue with IETF 94 in Yokohama next week. Even though it seems like just yesterday we were in Prague for IETF 93, there is progress to report and new activities to highlight. In this edition of the Rough Guide, we will highlight the IAB Privacy and Security program including the recently held MaRNEW workshop, the Crypto Forum Research Group, and the TLS working group including the upcoming TRON workshop.
The Internet Architecture Board (IAB), through its Privacy and Security Program, has been focusing on strengthening the Internet by looking at threats, mitigations, and trust models. Since IETF 93, RFC 7624 “Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement” has been published. The IAB program is now working on a follow-on document discussing relevant mitigations, “ Confidentiality in the Face of Pervasive Surveillance“. Additionally, a draft has been adopted identifying issues and emerging solutions to some of the key issues associated with the webpki infrastructure, “ Problems with the Public Key Infrastructure (PKI) for the World Wide Web”. Both these document will be discussed during the week in Yokohama. Review and submit your comments now!
Also since IETF 93, the IAB held a workshop jointly with the GSMA on Managing Radio Networks in an Encrypted World (MaRNEW). The submitted papers, workshop agenda, and the presentations are currently available at https://www.iab.org/activities/workshops/marnew/. Minutes are expected by the end of October, and a draft workshop report is targeted for the end of the year. Both of these will be provided on the workshop page referenced above. A short report on this workshop is in the recent issue of the IETF Journal. There will also be a report and discussion of the workshop provided in the SAAG meeting on Thursday afternoon.
Next, the Internet Research Task Force (IRTF) Crypto Forum Research Group (cfrg) continues to focus on use of cryptography for IETF protocols. It has been focusing extensively on the selection of new elliptic curves for use in IETF protocols, and rough consensus on this topic is documented in “ Elliptic Curves for Security”. Since IETF 93, this document has been completed and forwarded to the RFC Series editor for publishing. Topics for discussion at the meeting this week will include elliptic curves, PAKE, post-quantum secure signatures, and key exchange. Anyone interested in the future direction of cryptographic curves and algorithms would be well served to follow these discussions.
There are a significant number of IETF working groups progressing efforts related to strengthening the Internet that will be meeting this week. In this post I will focus on primarily on TLS. Other working groups also working on strengthening the Internet are discussed in the “DNSSEC, DANE, DPRIVE, and DNS Security” and the “Trust, Identity, and Privacy” Rough Guide posts in the coming days, so watch the Rough Guide to IETF 94 for updates.
The Transport Layer Security (TLS) working group is actively working on an update to the TLS protocol. This is a very active working group with a plan to publish an update to TLS in 2016. This meeting will be devoted to resolving the open issues with the current specification as documented in the issue tracker: https://github.com/tlswg/tls13-spec/issues.
As a side note, the TLS working group plans to solidify the TLS 1.3 specification and pause for a brief period to allow security researchers time to analyze the specification. As part of this effort, the TLS1.3 Ready or Not (TRON) workshop has been planned in conjunction with the Network and Distributed System Security Symposium (NDSS) in February 2016. The call for papers is available now and anyone interested in improving the robustness of the new TLS specification is strongly encouraged to participate.
Finally, I’d like to give a quick plug for the Security Area Advisory Group (saag) session. This is an excellent way to get a quick view of some of the security-related conversations ongoing in the IETF. This week’s session will include the MaRNEW overview discussed above as well as a discussion about standardization of cryptographic application techniques for Internet of Thing (IoT).
All in all, the work continues to make encryption more widespread and easier to deploy for a stronger Internet.
Related Meetings, Working Groups, and BOFs at IETF 94:
cfrg (Crypto Forum Research Group)
Monday, 2 November 2015, 1520-1650 JST, Room 303
tls (Transport Layer Security) WG
Wednesday, 4 November, 2015, 0900-1130 JST, Room 303,
Thursday, 5 November, 2015, 1740-1840 JST, Room 501
saag (Security Area Advisory Group)
Thursday, 5 November 2015, 1300-1500 JST, Room 502
There’s a lot going on in Yokohama, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see https://dev.internetsociety.org/tag/ietf94/.
Photo Credit: www.istock.com