IETF Security Activities and Collaboration
Transcript of IETF Security Activities and Collaboration
Addressing security challenges on a global scale, Geneva, 6-7 December 2010
Tim Polk, National Institute of Standards and Technology
Two Excerpts from IETF Mission Statement
  The mission of the IETF is to make the Internet work better … by producing high quality, relevant technical documents that influence the way people design, use, and manage the Internet.
  One of the Cardinal Rules is Protocol Ownership
    When the IETF takes ownership of a protocol or function, it accepts the responsibility for all aspects of the protocol ....
Responsibilities of IETF Security Area
  Security-centric standards development
    IETF Security Area includes between ten and eighteen working groups devoted to a particular mechanism or technology
  Contributing “security-clue” to standards developed in other IETF areas
    Recruiting security participants to contribute to other IETF standards areas, and monitoring those efforts to ensure we are actually helpful
  Cross-SDO collaboration
    Providing Internet specific details (X.509)
    Supporting Security requirements from other SDOs (mikey modes for W3C)
Security-Centric Standards Development
  These standards are intended as essential building blocks
  Key Management Infrastructures
    Kerberos, X.509, multicast security, hokey, new DNSSEC based key distribution work
  Secure Transport
    Transport Layer Security (TLS and DTLS), Secure Shell
  Secure Applications
    S/MIME, DKIM, NEA, sasl
  Authentication Technologies
    EAP methods, federated authentication
  Most exciting new work is leveraging DNSSEC to securely distribute key material
Collaborative Initiatives
  Many IETF activities are inherently tied to technologies developed outside the security area, but security clue is essential to success
    Worked examples include DNSSEC (Internet area) and TCP-AO (Transport area)
      Understanding DNS and the TCP state machine were critical aspects
    Current activities are focused in the Routing area and include secure inter-domain routing (sidr) and key management for routing protocols (karp)
      Routing protocols demand a very specific background
  Cross-SDO activities include X.509 and the XML Digital Signature Standard
High-Priority Opportunities
  Ongoing/Emerging IETF activities
    Leveraging DNSSEC for secure key or certificate distribution
    Securing routing protocols
    Security for the “Internet of Things”
    Privacy-enhancing technologies
  Other Opportunities
    Security Automation
    Application of current protocols to emerging sectors
      Health care, smart grid, etc.
Personal Observations on Collaboration
  Collaboration starts with Sound Architecture and Engineering Decisions
    Good protocols lend themselves to use as building blocks
    Well engineered protocols are extensible to solve other problems
    If a protocol needs major surgery to satisfy a new effort, it may be the wrong protocol
  Collaboration within the IETF and between SDOs is fundamentally the same problem
    Success demands that committed individuals regularly participate in the activities of both IETF working groups (or both SDOs)