The Internet Architecture Board (IAB) has issued a sweeping directive “for protocol designers, developers, and operators to make encryption the norm for Internet traffic,” even while acknowledging that such an approach will create major obstacles for some network operations.
The statement also leaves unaddressed what will be inevitable howls of protest from the law enforcement and national security sectors, whose surveillance activities have long motivated those pushing for ubiquitous encryption.
From the IAB statement:
In 1996, the IAB and IESG recognized that the growth of the Internet depended on users having confidence that the network would protect their private information. RFC 1984 documented this need. Since that time, we have seen evidence that the capabilities and activities of attackers are greater and more pervasive than previously known. The IAB now believes it is important for protocol designers, developers, and operators to make encryption the norm for Internet traffic. Encryption should be authenticated where possible, but even protocols providing confidentiality without authentication are useful in the face of pervasive surveillance as described in RFC 7258.
Issued back in May, RFC 7258 stated: “Pervasive monitoring is a technical attack that should be mitigated in the design of IETF protocols, where possible.”
The IAB believes it’s possible everywhere, or at least close to everywhere.
Newly designed protocols should prefer encryption to cleartext operation. There may be exceptions to this default, but it is important to recognize that protocols do not operate in isolation. Information leaked by one protocol can be made part of a more substantial body of information by cross-correlation of traffic observation. There are protocols which may as a result require encryption on the Internet even when it would not be a requirement for that protocol operating in isolation.
The IAB acknowledges that this will be easier said than done for some.
We acknowledge that this will take time and trouble, though we believe recent successes in content delivery networks, messaging, and Internet application deployments demonstrate the feasibility of this migration. We also acknowledge that many network operations activities today, from traffic management and intrusion detection to spam prevention and policy enforcement, assume access to cleartext payload. For many of these activities there are no solutions yet, but the IAB will work with those affected to foster development of new approaches for these activities which allow us to move to an Internet where traffic is confidential by default.
The Internet Society Board of Trustees issued its own statement supportive of the IAB’s call.
The IAB’s statement aligns with the Internet Engineering Task Force’s (IETF) statement that pervasive monitoring, whatever the source, must be considered an attack on the Internet as well as current work across IETF working groups to strengthen protocols.
User trust is critical to the Internet’s continued growth and evolution. Realizing the IAB’s aspiration would drastically reduce the ability to eavesdrop or modify information sent over the Internet.