EVERYTHING needs crypto says Internet Architecture Board

Beginner's guide to SSL certificates

The Internet Architecture Board (IAB) has called for encryption to become the norm for all internet traffic.

Last Friday, the IAB issued a statement saying that since there is no single place in the Internet protocol stack that offers the chance to protect all kinds of communication, encryption must be adopted throughout the protocol stack.

The statement reflects earlier, more piecemeal moves in the Internet Engineering Task Force (IETF) to start spook-proofing the Internet.

Rather than looking at a particular protocol proposal, the IAB statement is designed to lay down a fundamental principle for designers: encryption, the board says, should be the norm for Internet traffic.

Encryption should be authenticated where possible, but even protocols providing confidentiality without authentication are useful in the face of pervasive surveillance.

The statement strengthens a long-held view within the Internet Engineering Task Force articulated in 1986 in RFC 1984, which stated that government policies to monitor the Internet are against the interests of consumers and the business community, are largely irrelevant to issues of military security, and provide only marginal or illusory benefit to law enforcement agencies.

This year, RFC 7258, described pervasive monitoring as an attack.

Even where a protocol's own operation doesn't need encryption, the IAB wants protocol designers to think beyond their immediate problem, because information leaked by one protocol can be made part of a more substantial body of information by cross-correlation.

In other worlds, even if a protocol doesn't particularly deal with user traffic, such as one handling negotiations between routers, its designers should adopt encryption to ensure it doesn't reveal information that does somehow compromise privacy.

Go here to read the rest:
EVERYTHING needs crypto says Internet Architecture Board