During a speech last week at the Internet Governance Forum in Bali, Jari Arkko, IETF's chair, re-emphasized it's efforts to ramp up online security in light of recent revelations of mass internet surveillance. "Perhaps the notion that internet is by default insecure needs to change," Arkko said according to a Radio Netherlands Worldwide (RNW) report. Significant technical fixes "just might be possible."
While nothing is set in stone yet, Arkko sketched out a few of the IETF's ideas in his public address.
Firstly, the IETF wants to eventually apply encryption to all web traffic.
"Today, security only gets switched on for certain services like banking," Arkko explained, referring to IETF-developed standards like SSL — the little lock that appears in the upper left corner of your browser to secure online purchases. "If we work hard, we can make [the entire internet] secure by default." To this end, the IETF might make encryption mandatory for HTTP 2.0, a new version of the basic web protocol.
Secondly, the IETF plans to remove weak algorithms and strengthen existing algorithms behind encryption. This means that the US National Security Agency and other surveillors will find it harder to crack current forms of encryption.
In other words: the IETF proposes putting locks in more places and making existing locks harder to pick. If the protocols are applied, intercepting the traffic between any two points on the internet — the sender and receiver of an email, the visitor and owner of a website, the buyer and seller of a product — will be close to impossible.
Starting November 3, the IETF will begin its week-long meetings in Vancouver, Canada to continue efforts on Internet security improvements.
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Minds + Machines