Privacy and Security (privsec) Concluded Program
Note: The data for concluded Programs is occasionally incorrect.
|Program||Name||Privacy and Security|
Closing note for Program
The IAB recently confirmed its collective intent to close the privsec programme. The privsec programme was formed from separate privacy and security programmes in 2014, when it was clear that a unified effort was necessary to deal with the challenges of the time. Over that period, there have been improvements in general awareness of challenges in these areas, with advancements in both the definition and deployment of secure protocols. To a large extent, the responsibility for the problems that motivated the creation of the unified programme has moved to the IETF. Even though these are by no means "solved" problems, it is now accepted they are addressed as part of the normal day-to-day work of the IETF rather than a semi-closed IAB programme.
Though there continues to be a need for work in this general area, the IAB believes that the current form of the privsec programme is not well suited to address the full breadth of contemporary issues. Today, we are facing a range of subtle and complex problems in this area, including the effect of improved security on consolidation, the tension between use of encryption and protective systems deployed in the network, the way in which centralization of different services can be simultaneously used to improve privacy and degrade it, and the demands of governments on systems that provide security.
The IAB welcomes input on how these and related topics may best be addressed and how the IAB might best contribute. The IAB very much consider these to be "live" topics, are committed to continued engagement, and aim to continue to ensure that these topics are at the forefront of IETF considerations. The IAB would like to thank members of the program, past and present, for their contributions.
The IAB Privacy and Security Program is a successor to its previous Security and Privacy programs. It provides a forum to develop, synthesize and promote security and privacy guidance within the Internet technical standards community. While security and privacy have each been explicitly and implicitly considered during the design of Internet protocols, there are three major challenges which face the community:
- most Internet protocols are developed as building blocks and will be used in a variety of situations. This means that the security and privacy protections each protocol provides may depend on adjacent protocols and substrates. The resulting security and privacy protections depend, however, on the initial assumptions remaining true as adjacent systems change. These assumptions and dependencies are commonly undocumented and may be ill-understood.
- many security approaches have presumed that attackers have resources on par with those available to those who secure the system. Pervasive monitoring, distributed networks of compromised machines, and the availability of cloud compute each challenge those assumptions.
- many systems breach the confidentiality of individuals’ communication or request more than the minimally appropriate data from that communication in order to simplify the delivery of services or meet other requirements. When other design considerations contend with privacy considerations, privacy has historically lost.
This program seeks to consolidate, generalize, and expand understanding of Internet-scale system design considerations for privacy and security; to raise broad awareness of the changing threat models and their impact on the properties of Internet protocols; and to champion the value of privacy to users of the Internet and, through that value, as a contributor to the network effect for the Internet.
Public comments can be sent to email@example.com.
Volunteers should send a statement of interest to firstname.lastname@example.org, specifying which focus area or areas are of interest.
Areas of Focus
After helping develop initial text for the IAB’s statement on Internet Confidentiality, the group described the threat models related to surveillance, published as RFC 7624. The program is now working to describe the building blocks which may be used to mitigate pervasive surveillance and the impact of specific design patterns on information leakage. It will also develop a systems engineering description of how to build a confidential application which flows across the open Internet.
Work products anticipated:
- Mitigations document
- One or more design pattern documents
- Systems engineering document
The program’s work on trust is coordinated work with the relevant IETF and IRTF working groups. Its first related work product, on cryptographic algorithm agility, was moved to the IETF for consideration as a best current practice and eventually published as BCP 201 (RFC 7696). The program is currently working on a document examining the current Web Trust model. The program also plans to document general considerations for managing protocol systems in which there are multiple sources of truth which may provide assurances related to identity, authorization, or repudiation.
Work products anticipated:
- Examination of the Web’s Trust model and implementation
- Considerations for designing protocols with multiple sources of truth