Rough Guide to IETF 95: All Things Encryption

Print Version
Share to a friend

We have come a long was in both time and distance from Yokohama to Buenos Aires, and the efforts of the Internet community to strengthen the Internet by improving deployment of encryption continue with IETF 95 this week. This time around we will highlight the curdle, tls, and uta working groups, the cfrg research group, and the IAB Privacy and Security program.

The first thing I’d like to mention is a working group that will be meeting for the first time here in Buenos Aires. The CURves, Deprecating and a Little more Encryption (CURDLE) working group will focus on updating cryptographic mechanisms for existing IETF protocols. The working group will add mature mechanisms that enjoy broad support from implementers. It will also look at removing the support for old algorithms where there is IETF consensus to do so. The initial protocols that the CURDLE group will address include SSH, DNSSEC, PKIX, CMS, XML Digital Signatures and potentially XML Encryption, Kerberos and JSON.

Along the same lines, the Using TLS in Applications (UTA) working group continues to look at adding TLS support to existing applications. This week the focus will be on support for TLS in SMTP. Of note from the uta working group since the last IETF is the recent publication of RFC 7817 “Updated Transport Layer Security (TLS) Server Identity Check Procedure for Email-Related Protocols”.

The Transport Layer Security (TLS) working group continues to work on an update to the TLS protocol. This is a very active working group with a plan to publish an update to TLS in 2016. This meeting will be devoted to resolving the open issues with the current specification as documented in the issue tracker:

Next, the Internet Research Task Force (IRTF) Crypto Forum Research Group (cfrg) continues to focus on use of cryptography for IETF protocols. Since IETF 94, RFC 7748 on “Elliptic Curves for Security” has been published. This is a major milestone for this activity. Topics for this week’s meeting include extended hash-based signatures, secure state management for hash-based signatures, PAKE requirements, and quantum resistant cryptography. Anyone interested in the future direction of cryptographic curves and algorithms would be well served to follow these discussions.

The Internet Architecture Board (IAB), through its Privacy and Security Program, has been focusing on strengthening the Internet by looking at threats, mitigations, and trust models. Since the publication of RFC 7624 “Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement”, the focus has been on a draft discussing mitigations “Confidentiality in the Face of Pervasive Surveillance”. This document is approaching maturation so now is an excellent time to find a member of that program to discuss the draft.

Also related to the IAB Privacy and Security program work is the Managing Radio Networks in an Encrypted World (MaRNEW) workshop held jointly by the IAB and the GSMA in September 2015 and discussed at IETF 94. A draft of the report for this workshop is now available in addition to all the raw workshop materials. One concern going into the workshop was that radio networks would face challenges meeting their operational requirements in an encrypted world. Discussion at the workshop focused on alternatives to traditional content classification that could be deployed in conjunction with encryption. Here at IETF 95 there will be BoF on Alternatives to Content Classification for Operator Resource Deployment (accord). This should be an excellent discussion of the challenges being faced and possible next steps to address some of these challenges.

Finally, I’d like to give a quick plug for the Security Area Advisory Group (saag) session. This is an excellent way to get a quick view of some of the security related conversations ongoing in the IETF. This week’s session will include the challenges and possibilities represented by the Internet of Things along with security and privacy issues in numeric identifiers among other topics.

All in all, the work continues here at IETF 95 to make encryption more widespread and easier to deploy for a stronger Internet.