Home / Blogs

W3C/IAB "Strengthening the Internet" Workshop: Deadline Monday to Submit Position Papers

Dan York

How can the open standards organizations of the IETF and W3C "strengthen the Internet" against large-scale pervasive monitoring? That is the topic up for discussion at the "Strengthening the Internet Against Pervasive Monitoring (STRINT)” workshop planned for February 28 and March 1, 2014, and jointly sponsored by the Internet Architecture Board (IAB) and the W3C.

The workshop is by invitation-only and has a deadline of Monday, January 20, 2014 (by 11:59 UTC) for submission of either position papers or Internet drafts. More information can be found on the "How To Participate” page. As noted in a message to the perpass mailing list today, there are already 43 submissions being considered by the workshop program committee - and while a submission is required to be considered for attendance, not everyone will get a chance to present.

As described on the W3C workshop page, as well as on the similar IAB workshop page, the overall goal of the workshop is to help steer the direction of both IETF and W3C work to strengthen the Internet in the face of the kind of large-scale pervasive monitoring that we've now seen. At the the last IETF meeting, the technical plenary and related sessions concluded that pervasive monitoring represents an "attack" on the Internet's infrastructure. This upcoming workshop is part of the ongoing dialogue about how to prevent these kind of attacks.

Questions to be discussed at the workshop include:

  • What are the pervasive monitoring threat models, and what is their effect on web and Internet protocol security and privacy?
  • What is needed so that web developers can better consider the pervasive monitoring context?
  • How are WebRTC and IoT impacted, and how can they be better protected? Are other key Internet and web technologies potentially impacted?
  • What gaps exist in current tool sets and operational best practices that could address some of these potential impacts?
  • What trade-offs exist between strengthening measures, (e.g. more encryption) and performance, operational or network management issues?
  • How do we guard against pervasive monitoring while maintaining network manageability?
  • Can lower layer changes (e.g., to IPv6, LISP, MPLS) or additions to overlay networks help?
  • How realistic is it to not be fingerprintable on the web and Internet?
  • How can W3C, the IETF and the IRTF better deal with new cryptographic algorithm proposals in future?
  • What are the practical benefits and limits of "opportunistic encryption"?
  • Can we deploy end-to-end crypto for email, SIP, the web, all TCP applications or other applications so that we mitigate pervasive monitoring usefully?
  • How might pervasive monitoring take form or be addressed in embedded systems or different industrial verticals?
  • How do we reconcile caching, proxies and other intermediaries with end-to-end encryption?
  • Can we obfuscate metadata with less overhead than TOR?
  • Considering meta-data: are there relevant differences between protocol artefacts, message sizes and patterns and payloads?

More information about the actual workshop will be published on the STRINT workshop agenda page on February 7, 2014. The sites indicate that all accepted documents will be published for public viewing.

If you're interested in potentially attending and being part of the discussion steering future work on this topic within the IETF and W3C, you have a short window here to submit a paper. Do note that by design this workshop is happening on the weekend prior to IETF 89 in London, where there will then be further discussions coming out of the work that happens at this workshop.

By Dan York, Author and Speaker on Internet technologies. Dan is employed as a Senior Content Strategist with the Internet Society but opinions posted on CircleID are entirely his own. Visit the blog maintained by Dan York here.

Related topics: Censorship, Cyberattack, Internet Protocol, Privacy, Security, Web

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

Four Reasons to Move from .COM to Your .BRAND Domain

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

Dot Brand: Why Your Brand Needs Its Own Top-Level Domain

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

Smokescreening: Data Theft Makes DDoS More Dangerous

DotConnectAfrica's Executive Director Sophia Bekele Keynote Remarks for the ITU's Girl's ICT Day

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

What Does a DDoS Attack Look Like? (Watch First 3 Minutes of an Actual Attack)

Joining Forces to Advance Protection Against Growing Diversity of DDoS Attacks

Join dotMobi at World Hosting Days 2014, April 1 - 3

Why Managed DNS Means Secure DNS

Sponsored Topics