Pervasive monitoring: the W3C and the IAB organize a workshop

Probably the hottest topic in Internet security right now is pervasive monitoring. It came in the news in the summer of last year and its importance is still growing. Security researchers are revising their attack models and the IETF and the W3C (and not only they) are considering how to harden the protocols they develop against such an attack.

Pervasive monitoring was a topic during W3C's TPAC meeting in November, as it had been at the IETF 88 meeting a week earlier. The IAB wrote about what it planned to do and more recently Tim Berners-Lee spoke out against routine, large scale interception of private communications.

As part of their efforts to improve Internet security, the IAB and W3C decided to organize a joint workshop. This workshop, dubbed “STRINT” (Strengthening the Internet Against Pervasive Monitoring), will be held just before IETF-89 in London, on March 1.

The overall goal of the workshop is to steer IETF and W3C work so as to be able to improve or “strengthen” the Internet in the face of pervasive monitoring. The workshop pages give more topics, including impact on the IoT, “opportunistic encryption” as a counter-measure, obfuscating meta-data with Tor-like protocols, educating Web developers, etc.

The deadline for submitting a paper to the workshop is in just a few days: Monday January 20, but the requirements for position papers are not very heavy. There is still time to take part. The workshop pages explain how to participate.

The actual organization of the workshop is in the hands of the STREWS project, a research project about Web security in which W3C participates (together with Trinity College Dublin, KU Leuven and SAP) and which receives financial support from the European Union.