After the Snowden revelations of pervasive monitoring , the IETF (Internet Engineering Task Force), one of the primary technical SDOs (Standards Development Organizations) for the Internet, came to rough consensus on a the need to react to the evidence of NSA pervasive monitoring of the Internet. The effort to start the work began at the IETF-88 meeting help in Vancouver in November 2013. A full discussion of this is well captured in the blog by the IETF chair. A few excepts from this blog:
IETF Security Area Director Stephen Farrell said that pervasive surveillance represents an attack on the Internet. And the rest of us agree. Such pervasive surveillance requires the monitoring party to take actions that are indistinguishable from an attack on Internet communications. So we are willing to work to address it, just like any other threat.
What happens next? I want to be clear that this is a long-term effort. Not a reaction to specific revelations, but a wholesale upgrade to our view what the threats in the Internet are and how they need to be addressed. And the updates will be hard work. And technology does not have solutions for all problems. But we will be working on general IETF-wide principles on how to address the new threats, thinking about the ways to use technologies such as TLS or opportunistic encryption. And, we will be working on the specific protocols and application areas (HTTP, XMPP, etc).
As this fit plans to do work on enhancing the online privacy of LGBTQIA community members once the .gay TLD is assigned to the community, dotgay LLC decided to get involved in the work.
At IETF-89, held in Vancouver, also documented by IETF Chair Jari Arkko in his blog, the work on protecting Internet protocols from privacy attacks continued. A new effort was started during this meeting to review existing protocols for privacy vulnerability. Sponsored by dotgay LLC, I am involved in trying to coordinate this work. There is also an opportunity for any technically inclined members of the dotgay-community to get involved if they wish.
The effort involves a team of folks gathered together to go do privacy reviews of existing protocol documents (RFCs.) focusing on pervasive monitoring. A meeting was held to kick the process off. Several people volunteered to begin reviews on some of the more criticial protocols, such as TCP (Transmission Control Protocol), DNS (Domain Name System), and the DHCP (Dynamic Host Configuration Protocol). The work is being tracked on an IETF wiki. Discussions are ongoing on the IETF Privacy email list. Readers who are technically inclined and privacy concerned are welcome to join in on the discussion, and to read and comment of the protocol review. And to join in on the reviewing.
dotgay-community.org participation in the IETF meetings is sponsored by dotgay LLC