A W3C/IAB workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT) https://www.w3.org/2014/strint/Overview.html The Vancouver IETF plenary concluded that pervasive monitoring represents an attack on the Internet, and the IETF has begun to carry out various of the more obvious actions required to try to handle this attack. However, there are additional much more complex questions arising that need further consideration before any additional concrete plans can be made. The W3C and IAB will therefore host a one-day workshop on the topic of “Strengthening the Internet Against Pervasive Monitoring” before IETF 89 in London in March 2014, with support from the EU FP7 STREWS project. Pervasive monitoring targets protocol data that we also need for network manageability and security. This data is captured and correlated with other data. There is an open problem as to how to enhance protocols so as to maintain network manageability and security but still limit data capture and correlation. The overall goal of the workshop is to steer IETF and W3C work so as to be able to improve or “strengthen” the Internet in the face of pervasive monitoring. A workshop report in the form of an IAB RFC will be produced after the event. Technical questions for the workshop include: What are the pervasive monitoring threat models, and what is their effect on web and Internet protocol security and privacy? What is needed so that web developers can better consider the pervasive monitoring context? How are WebRTC and IoT impacted, and how can they be better protected? Are other key Internet and web technologies potentially impacted? What gaps exist in current tool sets and operational best practices that could address some of these potential impacts? What trade-offs exist between strengthening measures, (e.g. more encryption) and performance, operational or network management issues? How do we guard against pervasive monitoring while maintaining network manageability? Can lower layer changes (e.g., to IPv6, LISP, MPLS) or additions to overlay networks help? How realistic is it to not be fingerprintable on the web and Internet? How can W3C, the IETF and the IRTF better deal with new cryptographic algorithm proposals in future? What are the practical benefits and limits of "opportunistic encryption"? Can we deploy end-to-end crypto for email, SIP, the web, all TCP applications or other applications so that we mitigate pervasive monitoring usefully? How might pervasive monitoring take form or be addressed in embedded systems or different industrial verticals? How do we reconcile caching, proxies and other intermediaries with end-to-end encryption? Can we obfuscate metadata with less overhead than Tor? Considering meta-data: are there relevant differences between protocol artefacts, message sizes and patterns and payloads? Program Committee Chairs Stephen Farrell (Trinity College Dublin)Rigo Wenning (W3C)Hannes Tschofenig (ARM) Members Bernard Aboba (Microsoft)Dan Appelquist (Telefónica, W3C TAG)Richard Barnes (Mozilla)Bert Bos (W3C)Lieven Desmet (KU Leuven)Karen O'Donoghoue (ISOC)Russ Housley (Vigil Security)Martin Johns (SAP)Ben Laurie (Google)Eliot Lear (Cisco)Kenny Paterson (Royal Holloway)Eric Rescorla (RTFM)Wendy Seltzer (W3C)Dave Thaler (Microsoft)Sean Turner (IECA) Cheers, Stephen. _______________________________________________ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
