The Internet Architecture Board announced a new “Statement on Internet Confidentiality” yesterday that calls on “protocol designers, developers, and operators to make encryption the norm for Internet traffic“. The statement, distributed via email by IAB Chair Russ Housely, goes further in urging those who design and develop new protocols “to design for confidential operation by default“.
The strong statement, republished below, represents the continued evolution of the thinking of the wider technical community, as represented by the IAB and the IETF, that in light of the disclosures of massive pervasive monitoring of the Internet (see RFC 7258) the technical infrastructure of the Internet needs to be strengthened against those attacks.
As the IAB statement notes, such a move to make encryption the default will have impacts on some aspects of current network operations, but the statement represents the very public commitment by the IAB to help create the conditions under which, as it says, we can “move to an Internet where traffic is confidential by default.”
UPDATE: The Internet Society Board of Trustees published an official statement strongly supporting the IAB’s statement on Internet confidentiality.
From our perspective here at Deploy360, we definitely welcome this statement as it will help the overall security of the Internet. Within the topics we cover here, we encourage developers to look at adding TLS to all their applications, and we encourage network operators to do all they can to help their customers use TLS-encrypted applications wherever possible. We are also looking forward to continued discussions such as those held in the DPRIVE Working Group this week at IETF 91 that will improve the confidentiality and privacy of DNS interactions as well as those within the routing infrastructure.
Here is the full IAB Statement on Internet Confidentiality:
IAB Statement on Internet Confidentiality
In 1996, the IAB and IESG recognized that the growth of the Internet depended on users having confidence that the network would protect their private information. RFC 1984 documented this need. Since that time, we have seen evidence that the capabilities and activities of attackers are greater and more pervasive than previously known. The IAB now believes it is important for protocol designers, developers, and operators to make encryption the norm for Internet traffic. Encryption should be authenticated where possible, but even protocols providing confidentiality without authentication are useful in the face of pervasive surveillance as described in RFC 7258.
Newly designed protocols should prefer encryption to cleartext operation. There may be exceptions to this default, but it is important to recognize that protocols do not operate in isolation. Information leaked by one protocol can be made part of a more substantial body of information by cross-correlation of traffic observation. There are protocols which may as a result require encryption on the Internet even when it would not be a requirement for that protocol operating in isolation.
We recommend that encryption be deployed throughout the protocol stack since there is not a single place within the stack where all kinds of communication can be protected.
The IAB urges protocol designers to design for confidential operation by default. We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default. We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic.
We believe that each of these changes will help restore the trust users must have in the Internet. We acknowledge that this will take time and trouble, though we believe recent successes in content delivery networks, messaging, and Internet application deployments demonstrate the feasibility of this migration. We also acknowledge that many network operations activities today, from traffic management and intrusion detection to spam prevention and policy enforcement, assume access to cleartext payload. For many of these activities there are no solutions yet, but the IAB will work with those affected to foster development of new approaches for these activities which allow us to move to an Internet where traffic is confidential by default.
We’re looking forward to working with all of you there to bring about this Internet where traffic is encrypted by default!