Skip to content

OPLIN 4cast #415: Encryption by default

Posted in 4cast

keyIt seems like every day brings news of another major Internet hack, some so huge and cunning that they are blamed on government-sponsored “armies” of hackers. According to one recent report, 82% of U.S. companies were hit last year by at least one online attack, and though libraries may think nobody would bother to attack them, they, too, are increasingly coming under attack. And there is also almost daily news of surveillance of Internet traffic (sometimes in preparation for a hack). No doubt about it, the Internet has become scary. Last month, to combat this trend, the Internet Architecture Board (IAB) recommended that most Internet traffic be encrypted by default, rather than using encryption only in special circumstances.

  • Q&A: Internet encryption as the new normal (Dark Reading | Kelly Jackson Higgins)  “The Internet Architecture Board (IAB), which oversees the Internet’s architecture, protocols, and standards efforts, officially called last month for encryption to be deployed throughout the protocol stack as a way to lock down the privacy and security of information exchange. It was a bold and important statement from the IAB, and it likely will be the general blueprint for new protocol efforts by the Internet Engineering Task Force (IETF), which creates the protocol specifications that run the Internet and devices and systems connected to it.”
  • IAB statement on Internet confidentiality (IETF mail archive | Russ Housley)  “The IAB urges protocol designers to design for confidential operation by default. We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default. We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic. We believe that each of these changes will help restore the trust users must have in the Internet.”
  • IAB urges designers to make encryption the default (Threatpost | Dennis Fisher)  “The statement by the IAB is a direct response to the events of the last couple of years and the revelations by Edward Snowden of the NSA’s massive surveillance on the Internet. Internet companies and technology vendors have responded to the NSA revelations by increasing their use of encryption, especially on links between data centers. But the Internet itself was not designed with security in mind. Rather, openness and interoperability were the main goals of the network’s designers. The IAB believes that ubiquitous encryption can help address the shortcomings of the original design and protect users from attackers and surveillance.”
  • Internet Society commends Internet Architecture Board recommendation on encryption-by-default for the Internet (The Internet Society)  “Like the IAB, the ISOC Board of Trustees recognizes that implementing this aspiration raises a number of practical issues and technical challenges. In addition to network management, intrusion detection, and spam prevention, we expect there will be economic and policy challenges. As the organizational home for the IETF, the Internet Society will take an active role in facilitating and participating in the conversations required to address these challenges going forward.”

Articles from Ohio Web Library: