Home / News

IETF Looking at Technical Changes to Raise the Bar for Monitoring

During a speech last week at the Internet Governance Forum in Bali, Jari Arkko, IETF's chair, re-emphasized it's efforts to ramp up online security in light of recent revelations of mass internet surveillance. "Perhaps the notion that internet is by default insecure needs to change," Arkko said according to a Radio Netherlands Worldwide (RNW) report. Significant technical fixes "just might be possible."

While nothing is set in stone yet, Arkko sketched out a few of the IETF's ideas in his public address.

Firstly, the IETF wants to eventually apply encryption to all web traffic.

"Today, security only gets switched on for certain services like banking," Arkko explained, referring to IETF-developed standards like SSL — the little lock that appears in the upper left corner of your browser to secure online purchases. "If we work hard, we can make [the entire internet] secure by default." To this end, the IETF might make encryption mandatory for HTTP 2.0, a new version of the basic web protocol.

Secondly, the IETF plans to remove weak algorithms and strengthen existing algorithms behind encryption. This means that the US National Security Agency and other surveillors will find it harder to crack current forms of encryption.

In other words: the IETF proposes putting locks in more places and making existing locks harder to pick. If the protocols are applied, intercepting the traffic between any two points on the internet — the sender and receiver of an email, the visitor and owner of a website, the buyer and seller of a product — will be close to impossible.

Starting November 3, the IETF will begin its week-long meetings in Vancouver, Canada to continue efforts on Internet security improvements.

Related topics: Internet Governance, Internet Protocol, Privacy, Security

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Don't we need to diagnose and repair Karl Auerbach  –  Nov 06, 2013 1:44 PM PDT

I have spent years dealing with the isses of network diagnostics, repair, and management.  Diagnostics and repair often involve ad hoc activities that offend security policies.  Provision needs to be made to accomodate these very legitimate and very necessary activities.

Just as there is a difference between a surgeon with a scalpel and a robber with a knife we need to recognize that not every kind of penetration of the net is of ill intent or undesirable.

One of my own fears for the net is that if we lock it down very tightly that in the event of a major problem (of human cause or simply because things do break) that we will be find ourselves locked out from doing the necessary diagnosis and repair - with the possible result of wider or longer outages.

Stunning and unfortunate Anthony Rutkowski  –  Nov 07, 2013 6:12 AM PDT

...to see what powers the IETF spokespeople sometime ascribe to the organization.  In the real world, it is providers and vendors who implement capabilities pursuant to their needs, the commercial marketplace, and the many government requirements that exist in every nation, including surveillance capabilities.

To post comments, please login or create an account.

Related Blogs

NTIA Revs up Rhetoric as IANA Transition Looms

Internet: Quo Vadis (Where are you going?)

Populism and Hi-Tech

Heritage Holding Anti-IANA Transition Event With Cruz

Open Season

Related News

Explore Topics

Industry Updates – Sponsored Posts

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Dyn Partners with the Internet Systems Consortium to Host Global F-Root Nameservers

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

Season's Greetings - 2015 End of Year Message from DotConnectAfrica

Data Volumes and Network Stress to Be Top IoT Concerns

DKIM for ESPs: The Struggle of Living Up to the Ideal

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Protect Your Privacy - Opt Out of Public DNS Data Collection

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

"The Market Has No Morality" Sophia Bekele Speaks on Business Ethics and Accountability

Sponsored Topics

Afilias

DNS Security

Sponsored by
Afilias
Afilias - Mobile & Web Services

Mobile

Sponsored by
Afilias - Mobile & Web Services
Verisign

Security

Sponsored by
Verisign
Port25

Email

Sponsored by
Port25