Building Trust IETF Improving Technical Security Open Internet Standards Privacy Technology

Video Archive: ISOC Panel at IETF 90 on Security and Privacy

Yesterday, we held our ISOC Briefing Panel, called “Internet Security and Privacy: Ten Years Later,” during IETF 90 in Toronto. In case you missed it, the video archive of the session is now available.

Andrei Robachevsky moderated the panel, as four distinguished experts discussed the nature of Internet security and its evolution. The speakers were:

  • Lucy Lynch
  • Danny McPherson
  • Dave Oran
  • Wendy Seltzer

Panelists discussed how Internet security and privacy landscapes have changed over the years, challenges we still need to address, and whether we’ll still be using the same security building blocks ten years from now. They also brought up the societal and legislative changes that have affected the Internet, including user interfaces and risk assessment, privacy and identity implications of ‘free’ online services, and how we as a technical community can work together to implement more of the existing security standards like DNSSEC, DANE, and TLS.

The full webcast is available to watch at, and is embedded below.

Did you join us in person, or did you watch remotely? What did you think of the session?

Building Trust IETF Improving Technical Security Open Internet Standards Technology

TODAY – ISOC Briefing Panel on Internet Security and Privacy – Webcast and Extra Seats

Today, at 11:45 AM EDT, we’ll hold and livestream the “Internet Security and Privacy: Ten Years Later” ISOC briefing panel during IETF 90 in Toronto. Two bits of good news: (a) we have a bigger room than usual, so we have some extra seats, and (b) the webcast will be available to everyone!

How have Internet security and privacy landscapes changed since the Internet’s inception? What challenges do we still need to address, and will we still be using the same building blocks (TLS, DNSSEC, etc.) ten years from now? If not, what’s next? These are the types of questions we’ll be asking our panelists today.

Andrei Robachevsky will moderate the panel, as four distinguished experts discuss the nature of Internet security and its evolution. The speakers are:

    • Lucy Lynch
    • Danny McPherson
    • Dave Oran
    • Wendy Seltzer


If you pre-registered to participate onsite, great! We will see you in the Ontario Room at the Fairmont Royal York just before 11:45 AM EDT, and you’ll get a boxed lunch as usual. If you didn’t pre-register but you’re here, we will be able to accept some walk-ins. (Unfortunately, you will NOT get lunch, though.) And if you aren’t in Toronto, you can still join remotely to participate in the discussion.

We hope to see you there (in person or online)!


The Internet Society announces its 25th Cohort of Technology Fellows to the Internet Engineering Task Force Meetings

 “The Internet is Magic”

The Internet Engineering Task Force (IETF) is an open community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet’s architecture and smooth operation. Organized in 1986, the IETF produces open standards that are the cornerstone of a vibrant Internet that many of us have the luxury of taking for granted.

As the next billions of Internet users come online, they will come from countries like Argentina, Brazil, China, India, and Kenya. The Internet Society Fellowship to the IETF provides technologists from these countries and more the opportunity to have a voice in the development of open standards, and to connect with Internet pioneers and peers. Since its inception in 2006, the Fellowship programme has provided nearly 225 awards to individuals from more than 50 countries from developing and emerging economies.

As one former Fellow from Venezuela noted, “The Internet is magic. It makes it possible for me to stay in touch with my family while I am in a different country. There is so much I can do and, because of this Fellowship, I now understand more of what goes into making it work.”

The IETF technical community this week in Toronto will be actively engaged in the ‘nuts and bolts’ of what makes the Internet work. It is that critical work that makes the magic happen — and we are grateful for all that it enables, including the connections across boundaries, unbounded innovation, and better opportunities and access for everything from education to health care. To that end, we congratulate this meeting’s Fellows.

Over the years, participation has become increasingly competitive. An important factor in considering an applicant’s selection is a demonstration of how they will apply their learnings to their regions and local communities — and bring that magic home.

Here is more about the experiences and interests of the 11 new and returning Fellows selected for the IETF 90 meeting in Toronto and ISOC’s 25th cohort of Fellows to IETF:

Shabbir Ahmed (Bangladesh) is a Professor at the University of Dhaka. He also works as a Consultant to DrikICT (an ISP in Bangladesh), and is a Chapter Leader in the ISOC Bangladesh Dhaka chapter. Shabbir holds a BSc. in Applied Physics and Electronics, MSc. in Computer Science, and a Ph.D. in Computer Science and Engineering. His research interest includes routing challenges in DTN, data mining techniques, and IPv6 deployment and operations. He is a long-time follower of the IETF MANET working group at the IETF. Shabbir was previously a Fellow to IETF 84.

Abhijan Bhattacharyya (India) currently works as a scientist in the Innovation Lab of Tata Consultancy Services, where he is involved in R&D and works on protocols for resource constrained domains to help Tata create reusable solutions for Internet of Things (IoT) use cases. Abhijan is passionate about learning new technologies and applying the knowledge towards creating innovative solutions. He is currently subscribed to the CoRE, ACE, and DTLS-IoT working groups in the IETF.

Jeferson Campos Nobre (Brazil) is a Ph.D. student at Federal University of Rio Grande do Sul, Brazil. He is a member of Computer Networks Group, working on network management, and is a Lecturer at the University of Vale do Rio do Sinos. His core interest is in distributed and autonomic network management, and he is involved in NMRG and network monitoring related working groups (LMAP, IPFIX, IPPM). His Ph.D research is in the areas of autonomic distributed control of active measurement mechanisms based on the IETF standards One-Way Active Measurement Protocol (OWAMP) and Two-Way Active Measurement Protoco (TWAMP).

Nicolas Fiumarelli (Uruguay) currently works at LACNIC and specializes in Software and Network Engineering. He is presently involved in the development of RPKI policies and algorithms and how they apply to protocols such as SIDR and IDR. He maintains that the technical community has a strong role to play in the IANA transition, and is following those developments closely. He is also currently performing research on elliptic curves and artificial intelligence at the Universidad de la República in Uruguay.

Giuseppe Gangi (Venezuela) is a Software Developer and Free Open Source Software consultant and advocate. He is very excited about participating in the IETF 90 Meeting and is looking forward to becoming more involved in standards development as the basis for establishing himself as a leader and contributor to society.

Fahima Ahmed Khan (Pakistan) currently works in Security & Compliance and Information Assurance at Grameenphone Ltd of Telenor Group. Her role is to assess and validate the security of network and application systems, monitor and identify security incidents and ensure compliance with Sarbanes-Oxley (SOX), ISO27001 and other information systems control frameworks. Fahima holds a BSc. in Computer Engineering and a MBA. She is also qualified as a Certified Information Systems Auditor (CISA), and as such has strong interest in security-related IETF working groups such as NEA, OAUTH, SACM, and TLS.

Frank Maginga (Tanzania) is a Network Planning Engineer with specific focus on Next Generation Networks (NGN) and IP/MPLS Networks at TTCL, a telecom operator in Tanzania. His main responsibilities are to design, plan, and develop efficient networks and infrastructure for TTCL to meet business and service goals. He is interested in QoS techniques and end-to-end performance measurement on the Internet, and is subscribed to the LMAP working group.

Hugo Morillo (Venezuela) is currently employed as an IT Advisor at Pricewaterhouse Coopers Venezuela. He possesses a BSc. in Systems Engineering. Hugo is passionate about new technologies, software development, online gaming and production of short-films. His particular interests in regards to the IETF are IPv6 operations and web security.

Tirumaleswar Reddy (India) is a Technical Lead at Cisco Systems, where he works on firewall and cloud-based Security as a Service (SaaS) features. He has 12 patents pending approval at the U.S. Patent Offices, and is conducting research in the areas of Security, WebRTC, Privacy and AEON (Application Enabled Open Networking). He is also an active contributor to the PCP, TRAM and RTCWEB working groups at the IETF.

Tauqeer Safdar (Pakistan) is a Ph.D. student at University Technology PETRONAS Malaysia. He is a member of the Computer Networks Group, working on network routing, IPv6, MANET and security. He is also a Lecturer in the Department of IT Networking, Higher College of Technology, Muscat, Oman. He is passionate about routing and network management, especially issues related to routing security in IPv6. He is active in ISOC chapters in both Malaysia and Pakistan, specifically working on IPv6-related issues. He is involved in the MANET, IPv6 and Routing working groups in the IETF, and has also co-authored a number of RFCs. Tauqueer is a previous Fellow to IETF 86.

Nestor Michael Tiglao (Philippines) is an Associate Professor of Electrical and Electronics Engineering at the University of the Philippines in Quezon City, Philippines. He holds a BSc. in Electrical Engineering, MSc. in Electrical Engineering, and a Ph.D. in Electrical and Computer Engineering. He is currently working on a wireless sensor network project for smart grid applications. Nestor is passionate about education and using technology such as the Internet for improving the overall quality of life and for building a better society. Nestor has previously been a Fellow at IETF 81 and IETF 85.


IETF Improving Technical Security Open Internet Standards Technology

At IETF 90, Looking to the Future to Build Today's Internet Security and Privacy

From 1145-1300 EDT on Tuesday, 22 July, in the midst of the IETF 90 meeting week, we will hold our traditional Internet Society briefing panel. This time, I’ll moderate as four distinguished experts discuss the nature of Internet security and its evolution in a session titled “Internet Security and Privacy: Ten Years Later“. The speakers are:

  • Lucy Lynch
  • Danny McPherson
  • Dave Oran
  • Wendy Seltzer

The Internet has become a complex ecosystem, bigger than the sum of its elements. We have a good grasp on security and privacy considerations of individual elements, but less on how they contribute to the overall security and privacy of the Internet. What are the critical elements that will shape the state of security and privacy in ten years? What are the biggest threats to security and privacy today, and how will they develop tomorrow?

If you already registered to participate onsite, great! We will see you there at 1145 EDT on Tuesday. If you didn’t register but you’ll be in Toronto, we should be able to accept some walk-ins. (We may run out of lunches, but we might be able to get you a seat at least.) And if you won’t be in Toronto, you can still join remotely to participate in the discussion.

We hope to see you there (in person or online)!

IETF Improving Technical Security Open Internet Standards Technology

ISOC Rough Guide to IETF 90: Routing Resilience

Security and resilience are important aspects of IETF work and there are many Working Groups (WGs) that contribute to the Internet routing infrastructure, including:

    • Secure Inter-Domain Routing (SIDR, WG
    • Global Routing Operations (GROW, WG
    • Inter-Domain Routing Working Group (IDR, WG
    • Operational Security (OPSEC, WG

All of these WGs are meeting next week at IETF 90 in Toronto.

Securing Inter-Domain Routing (SIDR)

The SIDR WG is focusing on securing inter-domain routing. The overall architecture is based on a Resource PKI (RPKI), which adds an authentication framework to BGP and is an important component of BGP security extensions – BGPSEC, also developed in SIDR WG. This is a key technology for improving trust in the routing infrastructure.

RPKI still dominates the discussions. These result in refinements of the protocols and fixing some of the issues. This is a normal cycle of protocol maturity, when operational experience is fed back into the protocol development, leading to improvements.

One such refinement is an update to RFC 6810 that defines the RPKI to router protocol, allowing a router to receive prefix origin data from a trusted cache. The document draft-ietf-sidr-rpki-rtr-rfc6810-bis proposes a few changes based on the group’s discussion at IETF 89.

Other updates include a small change to signature algorithms in RFC 6485 “The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure (RPKI)” and RFC 6490 “Resource Public Key Infrastructure (RPKI) Trust Anchor Locator”, introducing multiple publication points for the Trust Anchor.

Perhaps a bigger change that is being discussed is related to the problem of potential operational fragility in the management of certificates in the RPKI in response to the movement of resources across registries described by the draft “RPKI Validation Reconsidered”. The problem in a nutshell is that in the current model, specified by RFC 6487, a certificate is considered invalid if a proper validation path cannot be built for all resources specified by that certificate. But in operational reality such a situation can occur, for instance, with the resource transfer, when “shrinkage” of the parent certificate will immediately invalidate the whole branch beneath, unless all subordinate certificates are also re-issued. If such a situation happens high in the hierarchy, say at the RIR level, the impact can be pretty severe. The draft also describes alternative approaches, although the focus of the discussion now is on the problem.

There are some movements in the BGPSEC area, too. The Security Requirements for BGP Path Validation document is now under the IESG evaluation and that opens the specification of the BGPSEC protocol itself for discussion. A new version of the spec (draft-ietf-sidr-bgpsec-protocol-09) appeared recently, as it was dormant for some time awaiting the requirements that many participants felt should come first.

The meeting agenda for SIDR WG is pretty full. In addition to the issues I already mentioned, participants will discuss router keying for BGPsec, validation signaling, and various models for ensuring more “checks and balances” in the RPKI system and control of a resource holder over their resources there. The latter come in different flavors: LTA, SLURM, Suspenders. I am sure it will be an interesting discussion.

Global Routing Operations (GROW)

The focus of the GROW WG is on operational problems associated with the global routing system, such as routing table growth, the effects of interactions between interior and exterior routing protocols, and the effect of operational policies and practices on the global routing system, its security and resilience.

One of the items, which originally emerged in the SIDR WG and has now also been discussed in the GROW WG, is so-called “route-leaks”. Simply speaking, this describes a violation of a “valley-free” routing when, for example, a multi-homed customer “leaks” an announcement from one upstream provider to another one. Since usually customer announcements have the highest priority, if no precautions are taken this results in traffic from one provider to another bypassing the customer. This introduces the potential for a staged MITM attack. But this is an explanation in layman terms, and the group was working on nailing down the definition and the problem statement, see

Just recently, another draft was submitted that enumerates different types of route leaks based on observed events on the Internet. It illustrates how BGPSEC in its current form already provides protection against all but one of these route-leaks scenarios. It is not yet a WG item, but may get some airtime at the meeting.

Inter-Domain Routing (IDR)

The IDR WG continues to work on better handling of malformed BGP attributes that may cause serious outages, and even cascading effects for other networks. A draft “Revised Error Handling for BGP UPDATE Messages” is aimed at improving the robustness of the BGP. It has already undergone 13 revisions, so the issue appears to be complex.

Operational Security (OPSEC)

Finally, in the OPSEC WG, the draft “BGP operations and security”, which documents operational issues and best current practices with regard to routing security, has gone through a second WG Last Call and is close to being published as a BCP RFC.

In summary, there is a considerable set of work underway across a number of IETF working groups to ensure the Internet’s routing infrastructure is more secure and resilient in both the short and long runs.

Related Working Groups at IETF 90

SIDR (Secure Inter-Domain Routing) WG
(Friday, 25 July, 0900-1130 EDT, Territories Room)

GROW (Global Routing Operations) WG
(Friday, 25 July, 1150-1320 EDT, Ontario Room)

IDR (Inter-Domain Routing Working Group) WG
(Tuesday, 22 July, 0900-1130 EDT, Tudor 7/8 Room)

OPSEC (Operational Security) WG
(Tuesday, 22 July, 1300-1400 EDT, Territories Room)

There’s a lot going on next week, and whether you plan to be there or join remotely, there’s much to follow. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see

Building Trust IETF Open Internet Standards Technology

Rough Guide to IETF 90: Scalability & Performance

In this post I’ll shine a light on some of the Internet Engineering Task Force (IETF) and Internet Research Task Force (IRTF) efforts underway to explore and address more sophisticated ways to use available bandwidth, improve Internet performance, and otherwise efficiently get content to where it needs to be. These groups will all be meeting as part of the IETF 90 meeting in Toronto next week.
I’ll highlight one birds-of-a-feather (BoF) meeting: The Delay Tolerant Networking (DTN) BoF is looking to investigate interest in transitioning technologies developed in the IRTF DTN research group into standards-track activities through the formation of a new IETF working group. Examples of the sort of environments where DTN solutions may be appropriate include spacecraft, military/tactical, some forms of disaster response, underwater, and some forms of ad-hoc sensor/actuator networks. They may also include Internet connectivity in places where performance may suffer such as developing parts of the world.
After their BoF meeting at IETF 89 in London, the Transport Services (TAPS) Working Group has been formed and will have its first meeting in Toronto. The group is wrestling with the problem of how to provide a richer set of transport services to applications without many of the complications that exist today resulting in developers either using TCP or implementing their own customized solution over UDP.
The TCPcrypt ‘mini-BoF’ meeting in London has also yielded a new working group and the TCP Increased Security (tcpinc) Working Group will have its first face-to-face meeting to begin work to develop the TCP extensions to provide unauthenticated encryption and integrity protection of TCP streams.
In the IRTF, a proposed research group on the subject of data centre latency control (dclcrg) will meet. In recent years a number of techniques have been documented in the research literature on reducing latency for applications running in large data centres and this research group will seek to develop shared problem statements, solutions and other experimental tools.
Related Working Groups and BoFs at IETF 90
dtnwg (Delay Tolerant Networking Working Group) BoF
WG Agenda:
(Wednesday, 23 July 2014, 1520-1650 EDT, Tudor 7/8)
taps (Transport Services) WG
Agenda: TBD
(Monday, 21 July 2014, 1520-1650 EDT, Ballroom)
tcpinc (TCP Increased Security) WG
(Thursday, 24 July 2014, 1520-1720 EDT, Tudor 7/8)
dclcrg (Proposed Data Centre Latency Control Research Group)
(Friday, 25 July 2014, 0900-1130 EDT, Ontario)

There’s a lot going on next week, and whether you plan to be there or join remotely, there’s much to follow. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see

Improving Technical Security Open Internet Standards

Announcing the Internet Society Briefing Panel at IETF 90 – "Internet Security and Privacy: Ten Years Later"

How have Internet security and privacy landscapes changed since the Internet’s inception? What challenges do we still need to address, and will we still be using the same building blocks (TLS, DNSSEC, etc.) ten years from now? If not, what’s next? These are the types of questions we’ll be asking our panelists at the IETF 90 Internet Society Briefing Panel on Tuesday, 22 July 2014, called “Internet Security and Privacy: Ten Years Later.

From the session abstract:

Many fundamental Internet protocols and architectural elements were designed for relatively closed and controlled networks and later used in a fairly trusted environment. Then came explosive Internet growth that changed its very nature – the Internet became a global, open communication medium to which anyone could connect and contribute.

At the same time, the Internet model was also changing. Concentration and centralization of certain functions at various Internet architecture layers created new types of vulnerabilities and, consequently, facilitated new threats such as pervasive monitoring. These vulnerabilities manifest themselves in different ways – for instance, in lack of diversity in implementations of critical security protocols, like TLS.

The number and nature of connected devices is also changing dramatically – sensors, controllers, appliances, etc., all communicating without human intervention.

The Internet continues to change and this evolution will continue. How will security and privacy challenges be addressed ten years from now? What are the missing building blocks that need to be developed? Will current approaches allow us to catch up or is a change of paradigm required?

How to Participate

Pre-registration is required for onsite participation and begins on Wednesday, 9 July 2014. Registration opens in two phases for global fairness: 09:00 UTC and 21:00 UTC.

We also plan to have a live webcast of the event (no registration required).

Watch IETF 90 page on our website for webcast information and the online registration link, and watch this Internet Technology Matters blog for more information on speakers and event details.

We hope you can join us!