Welcome to the last installment of the IETF 94 Rough Guide! This installment focuses attention on the IETF 94 activities in Yokohama this week related to improving trust in the Internet including identity and privacy.
The first thing I’d like to highlight is technically not part of the IETF, but it is an important cross-pollination effort. The W3C Privacy Interest Group (PING) will again be meeting face-to-face alongside the IETF. The purpose of this meeting is outreach to the broader IETF community, information sharing amongst the participants on various privacy efforts, and progression of PING work items including the draft privacy and security questionnaire for specification authors. The meeting occurs during the lunch slot (1130-1300 JST) on Thursday, 5 November 2015 in Room 511. It is BYOL (Bring Your Own Lunch), but the conversation is definitely worth the effort!
As for the IETF working groups, there are several ongoing working groups addressing relevant topics in this space. Some of the ones that will meet at IETF 94 are highlighted below.
The Automated Certificate Management Environment (acme) working group is working to lower the barrier to deployment of certificates for the Web PKI. Currently, the verification of domain names in a certificate is done using a set of ad hoc mechanisms. In particular, the acme working group is automating the process of issuance, validation, revocation and renewal. This is meeting will focus exclusively on the current document (https://datatracker.ietf.org/doc/draft-ietf-acme-acme/) and the issues documented in the issue tracker (https://github.com/ietf-wg-acme/acme/issues).
In response to evolving concerns about pervasive surveillance, the IETF has looked to improve the observable data in many of its protocols. The DNS PRIVate Exchange (DPRIVE) Working Group was chartered to develop mechanisms to initially provide confidentiality between DNS Clients and Iterative Resolvers. This week’s agenda includes DNS over DTLS, DNS over TLS, and Stateless DNS Encryption. Given that virtually all communication on the Internet involves name resolution, providing additional privacy to the underlying mechanisms is key to improving trust in the Internet.
The Web Authorization Protocol (oauth) working group has been working for quite some time on a suite of documents that enables a user to grant a third-party access to protected resources without sharing the user’s long term credentials. The working group has completed a long list of RFCs. This week’s meeting will focus on authorization requests, Proof-of-Possession, token exchange, and the use of OAuth for native apps. OAuth is emerging as a key component of online identity systems, and this week is yet another opportunity to impact the conversations.
The Open Specification for Pretty Good Privacy (OpenPGP) working group originally completed its work in 2008 providing a solution for object encryption, object signing, and identity certification (RFC4880). Recently it has become clear that it was time to produce an update to RFC4880, and the OpenPGP working group was reinstated to do that work. This revision will include potential inclusion of elliptic curves recommended by the Crypto Forum Research Group (CFRG), a symmetric encryption mechanism that offers modern message integrity protection, an update to the mandatory-to-implement algorithm selection, deprecation of weak algorithms, and an updated public-key fingerprint mechanism.
The web PKI certificate infrastructure continues to be a source of trust related operational issues in the Internet. The primary effort of the Public Notary Transparency (trans) working group is the generation of a standards track version of the experimental RFC 6962 on Certificate Transparency. Certificate Transparency creates a log of certificates issued by certificate authorities (CAs). This provides the opportunity to monitor for problems in the certificate infrastructure globally. The primary focus of this week’s discussion will be the update to RFC 6962, a threat analysis, and the gossip protocol. There is also some potential new work to discuss including other uses for transparency beyond PKI certifications.
In a bit of a tangent, I’d like to mention the Network Time Protocol (ntp) working group. As the Internet has evolved, some of the key pieces of infrastructure that we often take for granted need to be reconsidered in the light of the current operational environment. Time is a key component of establishing and maintaining trust, and it is often overlooked. The ntp working group is currently pursuing two efforts to improve the trustworthiness of the time infrastructure. Network Time Security (NTS) will define an updated framework and mechanisms for time server authentication. Additionally, a Best Current Practice (BCP) is being developed to address common operational issues that are being increasingly exploited.
To reinforce the importance of the IETF work in trust, identity, and privacy, I would like to mention my experience at last week’s World Wide Web Consortium (W3C) Technical Plenary and Advisory Council (TPAC) meeting in Sapporo. One of the highlights was a plenary panel discussion with Tim Berners-Lee, Vint Cert, and Jun Murai. There was a question specifically on building a better trust layer for the web. Vint Cert responded that the IETF and W3C communities should work together to address the question: “What is missing from the enabling protocol space to make strong authentication, high integrity, and other trust building mechanisms?” Perhaps we can take some inspiration from this in the coming week!
Related Meetings, Working Groups, and BOFs at IETF 93:
ace (Authentication and Authorization for Constrained Environments) BOF
Monday, 2 November 2015; 0900-1130, Room 302
acme (Automated Certificate Management Environment) WG
Friday, 6 November 2015; 9:00 – 11:30, Room 304
dprive (DNS PRIVate Exchange) WG
Monday, 2 November 2015; 17:10 – 19:10, Room 304
oauth (Web Authorization Protocol) WG
Thursday, 5 November 2015; 15:20 – 17:20, Room 301
openpgp (Open Specification for Pretty Good Privacy)
Tuesday, 3 November 2015; 17:10 – 18:40, Room 411/412
trans (Public Notary Transparency) WG
Monday, 2 November 2015, 1300 – 1500, Room 411/412
ntp (Network Time Protocol) WG
Monday, 2 November 2015, 1710-1910, Rooms 411/412
There’s a lot going on in Yokohama, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf94.
Photo Credit: istock.com