Want to read a wide range of views on how to strengthen the security and privacy of the Internet? Interested to hear how some of the leaders of the open standards world think we can make the Internet more secure? As I wrote about previously here on CircleID, the W3C and the Internet Architecture Board (IAB) are jointly sponsoring a workshop on “Strengthening The Internet” (STRINT) on February 28 and March 1 in London just prior to the IETF 89 meeting happening all next week. The workshop is invitation-only and to be invited you had to submit a “paper” or Internet-Draft outlining what you thought are the issues and how you thought you could contribute to the conversation.

There were 66 papers accepted and they are now available for public viewing at:

https://www.w3.org/2014/strint/report.html

These represent the points of view of individuals as well as small groups of people who jointly submitted a paper. Some of the documents are quite short while others go on at quite some length. The papers include some of the leading contributors to the IETF, independent security experts, representatives of other organizations, representatives of vendors, academic researchers and many, many interested individuals. They cover a wide range of topics from security and privacy to encryption, VoIP and much more.

If you’re really interested in understanding the current state of security on the Internet, these documents make for great reading.

As for the STRINT workshop itself, the agenda has now been posted and the workshop goals have been stated:

The STRINT workshop starts from the position that Pervasive Monitoring (PM) is an attack. While some dissenting voices are expected and need to be heard, that is the baseline assumption for the workshop, and our high-level goal is to provide some more consideration of that and how it ought affect future work within the IETF and W3C.

At the next level down the goals of the STRINT workshop are to:

• Discuss and hopefully come to agreement among the participants on concepts in PM for both threats and mitigation, e.g., “opportunistic” as the term applies to cryptography.
• Discuss the PM threat model, and how that might be usefully documented for the IETF at least, e.g., via an update to BCP72.
• Discuss and progress common understanding in the trade-offs between mitigating and suffering PM.
• Identify weak links in the chain of Web security architecture with respect to PM.
• Identify potential work items for the IETF, IAB, IRTF and W3C that help mitigate PM.
• Discuss the kinds of action outside the IETF/W3C context might help those done within the IETF/W3C.

As is note on that agenda page there will be an IRC chat room available and they are working on some form of streaming for remote attendees. If you’re interested in listening in remotely, you may want to monitor the perpass mailing list (or subscribe to the list).

It should be an interesting workshop and the resulting discussions will undoubtedly influence activity at next week’s IETF 89 meeting in London.

P.S. In the interest of full disclosure, I should note that while I am attending IETF 89 in London next week I am not attending the STRINT workshop. Colleagues of mine from the Internet Society are attending, though, and my colleague Andrei Robachevsky described their position paper, with which I agree, in a recent blog post: “The Danger Of The New Internet Choke Points”