This document discusses encryption and standards development at the Internet Engineering Task Force (IETF). It provides background on the IETF, including that it is an open standards organization with working groups that develop technical standards through an open process. The document notes that encryption usage on the internet has grown significantly in recent years. While encryption increases privacy and trust, it may have profound effects by limiting some network functions like caching, traffic management, and surveillance. The realities are that encryption shifts how certain parties can access traffic, but does not eliminate access. Standards continue to evolve to both increase security and avoid potential negative outcomes.
2. The Internet Society
•Founded in 1992 by Internet Pioneers
•International non-profit organisation
•140 organisation members
•80,000+ individual members
•110 chapters worldwide
•Regional Bureaus: Africa, Latin America & Caribbean, Asia Pacific, Europe, North America
•Vision
•The Internet is for everyone.
•Mission
•To promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world.
3. Why Standards?
•Networks existed without the Internet
•Multiple proprietary networking protocols
•IPX/SPX, AppleTalk, DECnet, etc.
•Networks as islands
•Interconnection the challenge
•Standards enable thousands of networks to interconnect seamlessly
4. Who needs standards?
•The Internet works
…because people choose to make it work
…and they collaborate to make it work
•Internet standards
•Openly developed
•No affiliation or membership required to participate in open, transparent, inclusive processes
•Openly available
•No fees to access or apply the standards in applications and devices
•Voluntarily applied
•No governing body to enforce compliance
5. Open standards for innovation and choice
The Internet's open, neutral architecture has proven to be an enormous engine for market innovation, economic growth, social discourse, and the free flow of ideas. The remarkable success of the Internet can be traced to a few simple network principles – end-to-end design, layered architecture, and open standards – which together give consumers choice and control over their online activities.
- Vint Cerf, Internet Pioneer
Statement to U.S. Senate Committee on Commerce, Science, and Transportation
Hearing on “Network Neutrality”
February 2006
Vint Cerf. Photo by Joi Ito, 2007
http://en.wikipedia.org/wiki/File:Vinton_Cerf_in_Lisbon-20070325.jpg
6. About the IETF | 9 June 2016
The Internet is a network of independent networks that exchange IP traffic
Picture by NLnet Labs, Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
7. About the IETF | 9 June 2016
Image Source: http://en.wikipedia.org/wiki/File:House_Plans_(Blueprints).pdf (CC License)
8. About the IETF | 9 June 2016
Technical building blocks
(Design) principles
Image Source: NLnet Labs Blender model based on http://en.wikipedia.org/wiki/File:House_Plans_(Blueprints).pdf (CC License)
9. About the IETF | 9 June 2016
The mission of the IETF is to make the Internet work better by producing high quality, relevant technical documents that influence the way people design, use, and manage the Internet.
10. About the IETF | 9 June 2016
IETF Universe
Organisation chart: IETF Trust; RFC Editor; IASA (IAD, IAOC); IESG; Areas, each containing many working groups; IETF Secretariat.
11. About the IETF | 9 June 2016
IETF Standards and RFCs
IETF standards are published as RFCs
• Standards track
• Best Current Practices (operational)
• Informational and Experimental
RFC series also includes
• IRTF (Internet Research Task Force)
• IAB (Internet Architecture Board)
• Independent contributions
Not all RFCs are IETF standards
Standards Track documents are maintained by the IETF
• IESG approval: based on consensus process
Diagram: Internet-Drafts → (IESG approval) → Proposed Standard → (IESG approval) → Internet Standard. Old 3-step track: proposed, draft, full; new 2-step track: Proposed Standard, Internet Standard.
12. IESG
Areas and Area Directors (chart last updated Oct 6 2015):
• Transport Area: M. Stiemerling, S. Dawkins
• Security Area: K. Moriarty, S. Farrell
• Routing Area: A. Retana, A. Atlas, D. Brungard
• O&M Area: B. Claise, J. Jaeggli
• ART Area: B. Leiba, A. Cooper, B. Campbell
• Internet Area: B. Haberman, T. Manderson
• General Area: J. Arkko
Working groups shown in the chart: appsawg, alto, aqm, tcpm, tsvwg, abfab, anima, bmwg, dime, dnsop, grow, avtcore, avtext, bfcpbis, 6lo, 6man, 6tisch, dhc, dmm, dnssd, calext, core, dprive, hip, homenet, intarea, lwig, mif, netext, ntp, pcp, savi, softwire, sunset4, tictoc, l3sm, lime, lmap, mboned, netconf, netmod, opsawg, opsec, radext, supa, bess, bfd, bier, ccamp, ace, conex, dtn, ippm, mptcp, nfsv4, ppsp, rmcat, storm, taps, tcpinc, tram, ianaplan, clue, codec, dbound, dispatch, dmarc, drinks, ecrit, eppext, geojson, httpbis, hybi, imapapnd, insipid, jsonbis, lager, mmusic, modern, netvc, p2psip, payload, perc, precis, rtcweb, sipcore, siprec, stir, stox, straw, tzdist, urnbis, uta, webpush, xrblock, v6ops, detnet, i2rs, idr, isis, l2tpext, lisp, manet, mpls, nvo3, ospf, pce, pim, roll, rtgwg, sfc, sidr, spring, teas, trill, acme, cose, dane, dice, dots, httpauth, i2nsf, ipsecme, jose, kitten, mile, oauth, openpgp, sacm, tls, tokbind, trans
13. Participation at the IETF 95 meeting
Total number of participants 621
Participants from the USA 133
Participants from Africa 10
Participants from UK 23
16. IETF-Africa Initiative
Goal
• To increase the IETF’s visibility in Africa
• To promote open standards on the continent
• To develop a strong community of individuals who contribute to the Internet Standards development process at the IETF
• To host one of the IETF meetings in an African city in the next 5 years
19. CodeMatch Overview
● What is CodeMatch?
● Marketplace which brings together students, researchers, professors, open source development communities, vendors with proprietary implementations, and consumers of code bases
● Objectives
● Link existing implementations to standards
● Showcase opportunities to develop running code for IETF protocols
● Provide clear benefits to each user type from increased collaboration
For more information: https://codematch.ietf.org/
20. IETF Hackathon
● What is the IETF Hackathon?
● IETF Hackathons encourage developers to collaborate and develop utilities, ideas, sample code and solutions that show practical implementations of IETF standards.
● Objectives
● Bring developers and young people into the IETF and get them exposed to and interested in the IETF
● Advance the pace and relevance of IETF standards activities
For more information: https://www.ietf.org/hackathon/
22. Encryption | 23 September 2015
RFC 7258: Pervasive Monitoring is an Attack
23. Encryption | 23 September 2015
http://httparchive.org/trends.php?s=Top1000&minlabel=Jan+1+2013&maxlabel=Sep+1+2015#perHttps
Chart: fraction of HTTPS links on Alexa top 1000 pages, Jan 2013 to Sep 2015
Source: HTTP Archive
24. Encryption | 23 September 2015
From a network perspective, HTTPS traffic grew from 4% (2008) to 17% (2015)
Source known to author
25. Encryption | 23 September 2015
A CDN now sees 35+% of ‘hits’ over HTTPS
Source known to author
26. Encryption | 23 September 2015
Transport encryption is not the only tool to increase trust and privacy
27. Encryption | 23 September 2015
• dprive
• HTTP/2
• RFC 7435: defining opportunistic encryption
• RFC 7465: deprecating RC4
• TLS 1.3
• DNS qname minimization
• IRTF CFRG new curves
• ACME
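DNS qname minimization, listed above, is a concrete instance of the "reduce who sees what" theme of the encryption slides: instead of sending the full query name to every authoritative server on the delegation path, the resolver sends each zone only one more label than it already serves (RFC 7816). The following simulation is an added illustration and not part of the slides; the three-zone delegation tree and the query names are constructed for the demo, and the query sequence it produces is the RFC 7816 behaviour rather than any particular resolver's implementation.

```python
# Added example (not from the slides): simulate what each authoritative DNS zone
# learns about a query, with and without QNAME minimisation as described in
# RFC 7816. The zone layout and query names are constructed for the demo.


def suffixes(qname):
    """Return the suffixes of a fully qualified name, shortest first:
    "www.example.com." -> ["com.", "example.com.", "www.example.com."]."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    return [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]


def is_within(name, zone):
    """True if `name` is at or below the apex of `zone` ("." encloses everything)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def delegation_for(current, name, zones):
    """The child zone that `current` would refer the resolver to for `name`:
    the shallowest zone strictly below `current` that encloses `name`, or None
    when `current` itself is authoritative for `name`."""
    cands = [z for z in zones
             if z != current and is_within(z, current) and is_within(name, z)]
    return min(cands, key=lambda z: z.count(".")) if cands else None


def resolve(qname, qtype, zones, minimize):
    """Simulate iterative resolution of `qname`/`qtype` starting at the root.

    Returns the list of (zone_asked, qname_sent, qtype_sent) in order.
    Without minimisation the full name is sent to every zone on the path;
    with minimisation each zone only sees one more label than it is
    authoritative for (NS queries for the intermediate names, per RFC 7816)."""
    names = suffixes(qname) if minimize else [qname]
    log, current = [], "."
    for name in names:
        qt = qtype if name == qname else "NS"
        while True:
            log.append((current, name, qt))
            child = delegation_for(current, name, zones)
            if child is None:
                break          # answered (or NODATA) by the zone we asked
            current = child    # follow the referral
            if minimize:
                break          # the next, longer suffix goes to the child zone
    return log


def names_seen(log):
    """Map each zone to the set of query names it observed."""
    seen = {}
    for zone, name, _ in log:
        seen.setdefault(zone, set()).add(name)
    return seen


if __name__ == "__main__":
    ZONES = {".", "com.", "example.com."}   # constructed delegation tree
    for minimize in (False, True):
        print("minimisation:", minimize)
        for zone, name, qt in resolve("a.b.example.com.", "A", ZONES, minimize):
            print(f"  ask {zone:14} for {name:20} {qt}")
```

Running the script shows the root and `com.` servers receiving `www.example.com.` in full without minimisation, and only `com.` and `example.com.` respectively with it; for a name with several labels inside one zone (`a.b.example.com.`), the extra NS queries all go to the zone already authoritative for it, so nothing new leaks upward. This is the privacy gain the slide refers to: the parties that still see the name are reduced, not eliminated, which is exactly the point made on the "realities" slide.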
28. Encryption | 9 June 2016
Ubiquitous encryption may have a profound effect
• Leads to reassessment of the role of intelligence in the network and the role of the end-users.
• Caching (example: feeding movie content to a mobile handset)
• DPI to filter web content, malevolent and benevolent (example: filtering of a Wikipedia article)
• Traffic management (example: fall-back to an upstream provider)
• Media optimization
29. Encryption | 23 September 2015
The realities…
• The “everything is in the clear” approach is clearly unworkable
• Encryption will reduce the number of parties that see traffic, but not eliminate them: content provider, browser vendor, CAs, proxy provider, corporate IT department, …
• The world still moves ahead on a voluntary basis on what technology is chosen and on what technology a particular party can adopt
• Surveillance shifts, it is not eliminated
• Useful technical things get done in different ways, not eliminated
• Some potential bad outcomes to avoid: MITMs, regulation limiting security, fragmentation, device control, …
30. Encryption | 9 June 2016
Thank you!
Dawit Bekele
Director, African Regional Bureau
Internet Society
bekele@isoc.org