NSA Leaks Bolster IETF Work On Internet Security

The Internet Engineering Task Forces efforts to add security to the Internets protocols have been reinvigorated by fallout from revelations of controversial NSA spying programs

Ongoing efforts to beef up the security of the Internets underlying protocols may have gotten a major boost, thanks to the National Security Agency (NSA).
Officials from the Internet Engineering Task Force (IETF) today said last weeks plenary meeting of the body charged with developing protocols for the Net was dominated with talk of better securing the Internet to thwart wide-scale surveillance akin to those programs leaked by former NSA contractor Edward Snowden.
There is noticeable momentum, said Stephen Farrell, IETF Security Area Director, today in a press briefing on last weeks IETF 88 Plenary in Vancouver.
Among some of the IETF security efforts that could see the light of day relatively soon is work on guidance for easily turning on encryption between email servers. Farrell says email providers already are looking at this, and the hope is they will roll it out in a matter of months.
Clearly, theres a very long-term question: With a lot of technology things you can do, there remains an adversary willing to spend a lot of effort and money and [who] will still be able to extract metadata from various protocols, Farrell said. But we can make it significantly harder to launch the pervasive attacks weve been seeing.
New IETF protocols dont get written or adopted overnight, however. The voluntary, open committee process for proposing and ultimately releasing a protocol specification can take years, even for some of the most straightforward technologies. Security is even tougher. None of the solutions in securing the Internet is necessarily easy, noted IETF chair Jari Arkko. You need backward compatibility, interoperability among different parties, and different components.
The Snowden leaks helped spur an about-face by the IETF in its work on the next-generation Web protocol, HTTP 2.0. In March 2012, the HTTPbis Working Group charged with the HTTP 2.0 work decided against encryption by default using the Transport Layer Security protocol. The working group has since decided to rethink that in the wake of the NSA Internet surveillance revelations.
Also on the table is work on securing the transport protocols underlying the Net. One notable effort is a proposed protocol for adding encryption directly to the TCP protocol itself. Theres also a working group forming to cover security in application-layer protocols, including instant messaging, for example.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ Firefox improves Do Not Track feature. ◂ Discovered: 26/12/2024 Category: security	▸ Crime Scene Investigation: Atlanta? No, its Phone Fingerprinting. ◂ Discovered: 26/12/2024 Category: security	▸ Why do we take so long to detect data breaches? ◂ Discovered: 26/12/2024 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
NSA Leaks Bolster IETF Work On Internet Security