attachment
Hi,<br><br>See below - the IAB (Internet Activities Board, parent of IESG) is getting much<br>tougher - *every* protocol at *every* layer should support and recommend<br>or require encryption to address privacy and identity theft concerns.<br><br>Cheers,<br>- Ira <br clear="all"><div><div class="gmail_signature"><div dir="ltr"><br><div style="display:inline"></div><div style="display:inline"></div><div style="display:inline"></div><div></div><div></div><div></div><div></div></div></div></div>
<br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Stephen Farrell</b> <span dir="ltr"><<a href="mailto:stephen.farrell@cs.tcd.ie">stephen.farrell@cs.tcd.ie</a>></span><br>Date: Mon, Nov 17, 2014 at 4:27 PM<br>Subject: [saag] Fwd: IAB Statement on Internet Confidentiality<br>To: "<a href="mailto:saag@ietf.org">saag@ietf.org</a>" <<a href="mailto:saag@ietf.org">saag@ietf.org</a>><br><br><br><br>
Just for the benefit of anyone who's not already seen this fine<br>
bit of IAB produce...<br>
<br>
Cheers,<br>
S.<br>
<br>
<br>
-------- Forwarded Message --------<br>
Subject: IAB Statement on Internet Confidentiality<br>
Date: Fri, 14 Nov 2014 04:26:02 -0500<br>
From: IAB Chair <<a href="mailto:iab-chair@iab.org">iab-chair@iab.org</a>><br>
Reply-To: <a href="mailto:ietf@ietf.org">ietf@ietf.org</a><br>
To: IETF Announce <<a href="mailto:ietf-announce@ietf.org">ietf-announce@ietf.org</a>><br>
CC: IAB <<a href="mailto:iab@iab.org">iab@iab.org</a>>, IETF <<a href="mailto:ietf@ietf.org">ietf@ietf.org</a>><br>
<br>
Please find this statement issued by the IAB today.<br>
<br>
On behalf of the IAB,<br>
Russ Housley<br>
IAB Chair<br>
<br>
= = = = = = = = = = = = =<br>
<br>
IAB Statement on Internet Confidentiality<br>
<br>
In 1996, the IAB and IESG recognized that the growth of the Internet<br>
depended on users having confidence that the network would protect<br>
their private information. RFC 1984 documented this need. Since that<br>
time, we have seen evidence that the capabilities and activities of<br>
attackers are greater and more pervasive than previously known. The IAB<br>
now believes it is important for protocol designers, developers, and<br>
operators to make encryption the norm for Internet traffic. Encryption<br>
should be authenticated where possible, but even protocols providing<br>
confidentiality without authentication are useful in the face of<br>
pervasive surveillance as described in RFC 7258.<br>
<br>
Newly designed protocols should prefer encryption to cleartext operation.<br>
There may be exceptions to this default, but it is important to recognize<br>
that protocols do not operate in isolation. Information leaked by one<br>
protocol can be made part of a more substantial body of information<br>
by cross-correlation of traffic observation. There are protocols which<br>
may as a result require encryption on the Internet even when it would<br>
not be a requirement for that protocol operating in isolation.<br>
<br>
We recommend that encryption be deployed throughout the protocol stack<br>
since there is not a single place within the stack where all kinds of<br>
communication can be protected.<br>
<br>
The IAB urges protocol designers to design for confidential operation by<br>
default. We strongly encourage developers to include encryption in their<br>
implementations, and to make them encrypted by default. We similarly<br>
encourage network and service operators to deploy encryption where it is<br>
not yet deployed, and we urge firewall policy administrators to permit<br>
encrypted traffic.<br>
<br>
We believe that each of these changes will help restore the trust users<br>
must have in the Internet. We acknowledge that this will take time and<br>
trouble, though we believe recent successes in content delivery networks,<br>
messaging, and Internet application deployments demonstrate the<br>
feasibility of this migration. We also acknowledge that many network<br>
operations activities today, from traffic management and intrusion<br>
detection to spam prevention and policy enforcement, assume access to<br>
cleartext payload. For many of these activities there are no solutions<br>
yet, but the IAB will work with those affected to foster development of<br>
new approaches for these activities which allow us to move to an Internet<br>
where traffic is confidential by default.<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
saag mailing list<br>
<a href="mailto:saag@ietf.org">saag@ietf.org</a><br>
<a href="https://www.ietf.org/mailman/listinfo/saag" target="_blank">https://www.ietf.org/mailman/listinfo/saag</a><br>
</div><br>