Fwd: [Cryptography] FW: IAB Statement on Internet Confidentiality

grarpamp grarpamp@gmail.com
Fri Nov 14 15:37:24 PST 2014 

---------- Forwarded message ----------
From: Salz, Rich <rsalz@akamai.com>
Date: Fri, Nov 14, 2014 at 8:46 AM
Subject: [Cryptography] FW: IAB Statement on Internet Confidentiality
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>



-----Original Message-----
From: IAB Chair [mailto:iab-chair@iab.org]
Sent: Friday, November 14, 2014 4:26 AM
To: IETF Announce
Cc: IAB; IETF
Subject: IAB Statement on Internet Confidentiality

Please find this statement issued by the IAB today.

On behalf of the IAB,
  Russ Housley
  IAB Chair

= = = = = = = = = = = = =

IAB Statement on Internet Confidentiality

In 1996, the IAB and IESG recognized that the growth of the Internet
depended on users having confidence that the network would protect
their private information.  RFC 1984 documented this need.  Since that
time, we have seen evidence that the capabilities and activities of
attackers are greater and more pervasive than previously known.  The
IAB now believes it is important for protocol designers, developers,
and operators to make encryption the norm for Internet traffic.
Encryption should be authenticated where possible, but even protocols
providing confidentiality without authentication are useful in the
face of pervasive surveillance as described in RFC 7258.

Newly designed protocols should prefer encryption to cleartext operation.
There may be exceptions to this default, but it is important to
recognize that protocols do not operate in isolation.  Information
leaked by one protocol can be made part of a more substantial body of
information by cross-correlation of traffic observation.  There are
protocols which may as a result require encryption on the Internet
even when it would not be a requirement for that protocol operating in
isolation.

We recommend that encryption be deployed throughout the protocol stack
since there is not a single place within the stack where all kinds of
communication can be protected.

The IAB urges protocol designers to design for confidential operation
by default.  We strongly encourage developers to include encryption in
their implementations, and to make them encrypted by default.  We
similarly encourage network and service operators to deploy encryption
where it is not yet deployed, and we urge firewall policy
administrators to permit encrypted traffic.

We believe that each of these changes will help restore the trust
users must have in the Internet.  We acknowledge that this will take
time and trouble, though we believe recent successes in content
delivery networks, messaging, and Internet application deployments
demonstrate the feasibility of this migration.  We also acknowledge
that many network operations activities today, from traffic management
and intrusion detection to spam prevention and policy enforcement,
assume access to cleartext payload.  For many of these activities
there are no solutions yet, but the IAB will work with those affected
to foster development of new approaches for these activities which
allow us to move to an Internet where traffic is confidential by
default.

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

More information about the cypherpunks mailing list