Skip to Content

Cybersecurity & Standards

Domo Arigato, IETF

Two weeks ago, upwards of 1100 dedicated souls gathered in Hiroshima, Japan for the 76th meeting of the Internet Engineering Task Force (IETF). Although I’ve been regularly attending these meetings for some time now, whenever this group gathers I’m always surprised and delighted anew at the extent to which the goal of the IETF – “to make the Internet work better” – remains so intensely in focus for so many engineers, developers, and standards professionals around the world. All of us as Internet users owe much of our satisfaction with the way the Internet functions to the hard work of this all-volunteer group.

Several of the week’s events highlighted areas where the work of the IETF intersects with privacy, net neutrality, and free speech issues. The Geographic Location/Privacy (GEOPRIV) working group, where CDT has long been involved and which I currently co-chair, is making steady progress toward its goal of standardizing secure and privacy-protective ways of conveying geographic location information on the Internet. The working group had a fruitful discussion about the kinds of assurances that are necessary to authenticate and authorize requests for location information on the network. The IETF is poised to standardize a way for the network to convey to a computer what its location is using HTTP as the means of conveyance. The discussion about assurances is a natural extension of this soon-to-be standard.

The IETF is also busily working on ways to mitigate the congestion effects of new and changing network usage patterns, all of which should prove useful as ISPs seek new ways to manage congestion on their networks. The Application-Layer Traffic Optimization (ALTO) working group is making steady progress toward defining requirements for and developing a protocol that would allow end-user peer-to-peer applications to learn valuable information about network characteristics and topology that those applications can then use to decide with whom to peer. The Low Extra Delay Background Transport (LEDBAT) group is working out the kinks in its protocol that, when standardized, will help peer-to-peer applications cede to more latency-sensitive applications (like VoIP) during times of congestion.

One potential new avenue in the congestion realm was explored during the Congestion Exposure (CONEX) session. The idea of CONEX is to expose to network nodes the congestion expected along a packet’s network path. While ISPs are currently able to measure network volume (how much traffic a subscriber or subnet generates) they are limited in their ability to measure congestion volume (how much a subscriber or subnet contributes to congestion on the network). Once this information is exposed, ISPs could potentially use it for numerous purposes, including congestion-volume-based pricing and improved congestion management techniques.

The Internet Society (ISOC) used the opportunity of the IETF meeting to host an informative panel about Internet bandwidth growth, highlighting several recently conducted research studies about how bandwidth utilization is evolving. One highlight among many was presented by Danny McPherson, Chief Security Officer at Arbor Networks, who discussed some fascinating results from a study that Arbor conducted using traffic data from more than 100 of its ISP and content provider clients around the world. The Arbor data shows significant changes in network utilization since 2007, including a substantial (over 70%) drop in the proportion of network traffic dedicated to peer-to-peer file sharing and a massive consolidation of the sources of the Internet’s most popular content (150 source networks serving 50% of content, compared to thousands of source networks in 2007).

Finally, during his regular plenary report on the status of IETF developments, IETF Chair Russ Housley made a landmark announcement: in the fall of 2010, the IETF meeting will for the first time take place in China [http://www.ietf.org/meeting/upcoming.html]. Given the freewheeling nature of the IETF, and the intense dedication of many of its participants to building an open and free Internet, the task of securing a meeting venue and host in China that would be supportive of the group’s work was far from easy. But that’s a subject for another post…