CircleID

How can the open standards organizations of the IETF and W3C "strengthen the Internet" against large-scale pervasive monitoring? That is the topic up for discussion at the "Strengthening the Internet Against Pervasive Monitoring (STRINT)” workshop planned for February 28 and March 1, 2014, and jointly sponsored by the Internet Architecture Board (IAB) and the W3C.

The workshop is by invitation-only and has a deadline of Monday, January 20, 2014 (by 11:59 UTC) for submission of either position papers or Internet drafts. More information can be found on the "How To Participate” page. As noted in a message to the perpass mailing list today, there are already 43 submissions being considered by the workshop program committee - and while a submission is required to be considered for attendance, not everyone will get a chance to present.

As described on the W3C workshop page, as well as on the similar IAB workshop page, the overall goal of the workshop is to help steer the direction of both IETF and W3C work to strengthen the Internet in the face of the kind of large-scale pervasive monitoring that we've now seen. At the the last IETF meeting, the technical plenary and related sessions concluded that pervasive monitoring represents an "attack" on the Internet's infrastructure. This upcoming workshop is part of the ongoing dialogue about how to prevent these kind of attacks.

Questions to be discussed at the workshop include:

• What are the pervasive monitoring threat models, and what is their effect on web and Internet protocol security and privacy?
• What is needed so that web developers can better consider the pervasive monitoring context?
• How are WebRTC and IoT impacted, and how can they be better protected? Are other key Internet and web technologies potentially impacted?
• What gaps exist in current tool sets and operational best practices that could address some of these potential impacts?
• What trade-offs exist between strengthening measures, (e.g. more encryption) and performance, operational or network management issues?
• How do we guard against pervasive monitoring while maintaining network manageability?
• Can lower layer changes (e.g., to IPv6, LISP, MPLS) or additions to overlay networks help?
• How realistic is it to not be fingerprintable on the web and Internet?
• How can W3C, the IETF and the IRTF better deal with new cryptographic algorithm proposals in future?
• What are the practical benefits and limits of "opportunistic encryption"?
• Can we deploy end-to-end crypto for email, SIP, the web, all TCP applications or other applications so that we mitigate pervasive monitoring usefully?
• How might pervasive monitoring take form or be addressed in embedded systems or different industrial verticals?
• How do we reconcile caching, proxies and other intermediaries with end-to-end encryption?
• Can we obfuscate metadata with less overhead than TOR?
• Considering meta-data: are there relevant differences between protocol artefacts, message sizes and patterns and payloads?

More information about the actual workshop will be published on the STRINT workshop agenda page on February 7, 2014. The sites indicate that all accepted documents will be published for public viewing.

If you're interested in potentially attending and being part of the discussion steering future work on this topic within the IETF and W3C, you have a short window here to submit a paper. Do note that by design this workshop is happening on the weekend prior to IETF 89 in London, where there will then be further discussions coming out of the work that happens at this workshop.

By Dan York, Author and Speaker on Internet technologies. Dan is employed as a Senior Content Strategist with the Internet Society but opinions posted on CircleID are entirely his own. Visit the blog maintained by Dan York here.

Related topics: Censorship, Cyberattack, Internet Protocol, Privacy, Security, Web