2013 Review

Surveillance revelations, revising HTTP and TLS, building a browser-based VoIP & video platform, Software-Defined Networking, diversifying the IETF, the role of the Area Directors and the IESG, and active Internet governance discussions are some of the topics that are fresh on my mind at least. Here’s a brief summary of some of these topics:

Pervasive monitoring was perhaps the biggest world-wide Internet topic this year. Our role at the IETF is not to be involved in a discussion of the politics of such activities. But it is our role to understand what threats exist in the Internet. In our Vancouver meeting we chose to deal with these issues just like we do with any other  vulnerability or threat in the Internet, i.e., consider them as threats that we try to defend against. Obviously, communications security alone is not a solution to the overall problem. But at the same time there are improvements in technology that would reduce opportunities for wholesale data collection. The IETF is working on some of these improvements, e.g., some protocol updates, applications considering how they can better use TLS, and so on. We’ve created the Using TLS for Applications (UTA) working group to do some of this work. This is, of course, a part of IETF’s ongoing commitment to dealing with all security vulnerabilities and improving the security of the Internet.

And I have to say that as I have talked to many people around the world about this topic, our work on improving the security against pervasive monitoring is very highly appreciated. Of course, a lot of work remains. And that work is of course not easy. We will continue to see continued attention to this topic, in our working group lists, interim meetings, in the London IETF meeting, at the IAB workshop, and so on.

TLS and HTTP protocols are the cornerstones of the web protocol stack, and their revisions (TLS 1.3 and HTTP 2.0) bring significant changes, making them more secure and faster to use. This is particularly important, given the pervasive monitoring discussion.

But not all of our technical work has been in security. For instance, with WebRTC we have been working on a plugin-free mechanisms that allows browsers to make voice and video calls. This is something that the IETF has done together with the W3C and many developers. It is an exciting and much needed functionality that has drawn so much attention that some of the technical choices (like video codec selection) have been under intense attention and debates. This highlights the dilemma of work that is commercially very interesting. Of course we want our work to be interesting, but at the same time, it brings conflicting demands from all the implementations that are developing in parallel.

Software-Defined Networking (SDN) and network virtualisation have been hot topics in the industry, and we at the IETF have also had many related activities. Such as efforts in the I2RS, SFC, FORCES, NVO3, and SPRING working groups and the SDN research group. We will likely see even more activities in this space in 2014.

Internet-governance. Largely fuelled by the surveillance discussion, in 2013 we saw a lot of discussion about Internet governance on existing and new forums. This will continue in 2014. Our role at the IETF is to be a part of the growing Internet community who cares that the Internet can continue to be managed in appropriate ways, consistent with its long evolution.

Role of ADs and the IESG: We have often discussed the central role of the IESG in the IETF, but this year’s problems in finding a candidate to fulfil the position of the transport AD drove the point home at least for me. And it is not just about the transport ADs, it is a more general problem. Our organisation is too centralised, puts a high load on the ADs, and does not empower the working groups to do as much as they can on their own. We’ve undertaken some changes to do more work before things come to the IESG (like early directorate reviews and inviting some document shepherds on IESG calls), but the we’ve not done nearly enough yet. I think more effort in this direction is needed.

None of this would be possible to accomplish without a strong and growing organisation. To that end, we’ve spent a lot of effort in improving inclusiveness at all levels. In March, we started a discussion of what can we do to improve the diversity of IETF participants, leadership, and ensuring that we hear all voices. I’m proud of the various programs and initiatives that we have today on making diverse participation easier: ISOC policy and fellow programs, the mentoring program, anti-harassment policy, update of the IETF code of conduct, decision to have a meeting in South America, and so on. And the discussion itself is perhaps the most important result, because I think it will remind all of us how important this issue is, and allows us to actively take these considerations into account. But work needs to continue here – this is just a small step. It is also a small part of the long-time process that has turned IETF to the international organisation it is.