How the Internet’s Engineers are Fighting Mass Surveillance
The Internet Engineering Task Force has played down suggestions that the National Security Agency is weakening the security of the Internet through its standardization processes, and has insisted that the nature of those processes will result in better online privacy for all. A year and a half after Edward Snowden blew the lid on the activities of the NSA and its international partners, it looks like real progress is being made. Here’s a rundown on why the IETF is confident that the NSA can’t derail those efforts -- and what exactly it is that the group is doing to enhance online security:
- The IETF is in the process of formalizing a concept called “opportunistic security” whereby -- even if full end-to-end security isn’t practical for whatever reason -- some security is now officially recognized as being better than nothing.
- HTTP/2, currently being finalized by the IETF and the World Wide Web Consortium (W3C), is on the way, and it will support the padding of traffic so as to make it harder for spies to draw inferences from packet size.
- The IETF is also officially killing off RC4, a cipher used in the Transport Layer Security (TLS) protocol that supposedly provides the security behind the “https” you see denoting secure connections in web addresses.
- A separate working group is trying to develop a new DNS Private Exchange (DPRIVE) mechanism to make DNS transactions -- where someone enters a web address and a Domain Name System server translates it to a machine-friendly IP address -- more private.
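
The traffic padding mentioned in the HTTP/2 item above can be seen at the frame level. This is an added example, not code from the article or from the IETF: it encodes and parses a padded DATA frame using the layout in RFC 7540 as later published, and the function names and the 256-octet bucket policy are assumptions made for illustration.

```python
import struct

DATA, END_STREAM, PADDED = 0x0, 0x1, 0x8   # frame type and flags, RFC 7540 section 6.1
MAX_PAD = 255                              # Pad Length is a single octet

def padded_data_frame(stream_id, data, bucket=256, end_stream=False):
    """Encode one DATA frame whose payload is rounded up to a multiple of `bucket`.
    The bucket policy is an assumption of this example; the spec leaves policy open."""
    body_len = 1 + len(data)                # Pad Length octet + application data
    pad = (-body_len) % bucket
    if pad > MAX_PAD:
        raise ValueError("bucket needs more than 255 padding octets in one frame")
    length = body_len + pad
    flags = PADDED | (END_STREAM if end_stream else 0)
    header = (length.to_bytes(3, "big") + bytes([DATA, flags])
              + struct.pack(">I", stream_id & 0x7FFFFFFF))
    return header + bytes([pad]) + data + b"\x00" * pad

def parse_data_frame(frame):
    """Return (stream_id, data), rejecting malformed padding as a receiver must."""
    if len(frame) < 9:
        raise ValueError("short frame header")
    length = int.from_bytes(frame[:3], "big")
    ftype, flags = frame[3], frame[4]
    stream_id = int.from_bytes(frame[5:9], "big") & 0x7FFFFFFF
    payload = frame[9:]
    if ftype != DATA or len(payload) != length:
        raise ValueError("not a complete DATA frame")
    if flags & PADDED:
        if length == 0 or payload[0] >= length:   # PROTOCOL_ERROR in RFC 7540
            raise ValueError("padding length exceeds frame payload")
        payload = payload[1:length - payload[0]]
    return stream_id, payload

def observed_sizes(payloads, bucket=256):
    """On-the-wire frame sizes an observer would see for each payload."""
    return [len(padded_data_frame(1, p, bucket)) for p in payloads]

if __name__ == "__main__":
    # Constructed sample bodies of very different lengths.
    samples = [b"ok", b"x" * 90, b"y" * 250]
    print(observed_sizes(samples))          # all three frames are the same size
```

Padding only coarsens what packet size reveals: a body that crosses a bucket boundary still produces a visibly larger frame, so the bucket size is a trade-off between bandwidth and leakage.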