IETF Security Activities and Collaboration
Tim Polk
National Institute of Standards and Technology
tim.polk@nist.gov
Addressing security challenges on a global scale

Two Excerpts from IETF Mission Statement
• The mission of the IETF is to make the Internet work better …
  • by producing high quality, relevant technical documents that influence the way people design, use, and manage the Internet.
• One of the Cardinal Rules is Protocol Ownership
  • When the IETF takes ownership of a protocol or function, it accepts the responsibility for all aspects of the protocol ....

Responsibilities of IETF Security Area
• Security-centric standards development
  • IETF Security Area includes between ten and eighteen working groups, each devoted to a particular mechanism or technology
• Contributing “security-clue” to standards developed in other IETF areas
  • Recruiting security participants to contribute to other IETF standards areas, and monitoring those efforts to ensure we are actually helpful
• Cross-SDO collaboration
  • Providing Internet-specific details (X.509)
  • Supporting security requirements from other SDOs (MIKEY modes for W3C)

Security-Centric Standards Development
• These standards are intended as essential building blocks
• Key Management Infrastructures
  • Kerberos, X.509, multicast security, hokey, new DNSSEC-based key distribution work
• Secure Transport
  • Transport Layer Security (TLS and DTLS), Secure Shell
• Secure Applications
  • S/MIME, DKIM, NEA, sasl
• Authentication Technologies
  • EAP methods, federated authentication
• Most exciting new work is leveraging DNSSEC to securely distribute key material

Collaborative Initiatives
• Many IETF activities are inherently tied to technologies developed outside the security area, but security clue is essential to success
• Worked examples include DNSSEC (Internet area) and TCP-AO (Transport area)
  • Understanding DNS and the TCP state machine were critical aspects
• Current activities are focused in the Routing area and include secure inter-domain routing (sidr) and key management for routing protocols (karp)
  • Routing protocols demand a very specific background
• Cross-SDO activities include X.509 and the XML Digital Signature Standard

High-Priority Opportunities
• Ongoing/Emerging IETF activities
  • Leveraging DNSSEC for secure key or certificate distribution
  • Securing routing protocols
  • Security for the “Internet of Things”
  • Privacy-enhancing technologies
• Other Opportunities
  • Security Automation
  • Application of current protocols to emerging sectors
    • Health care, smart grid, etc.

Personal Observations on Collaboration
• Collaboration starts with Sound Architecture and Engineering Decisions
  • Good protocols lend themselves to use as building blocks
  • Well-engineered protocols are extensible to solve other problems
  • If a protocol needs major surgery to satisfy a new effort, it may be the wrong protocol
• Collaboration within the IETF and between SDOs is fundamentally the same problem
  • Success demands that committed individuals regularly participate in the activities of both IETF working groups (or both SDOs)