A W3C/IAB workshop on Strengthening the Internet Against
Pervasive Monitoring (STRINT)
28 February – 1 March 2014, London
- 20 January 2014:
- Deadline for Position Papers
- 31 January 2014:
- Acceptance notification and registration instructions sent.
- 7 February 2014:
- Program and position papers announced.
- 14 February 2014:
- Deadline for registration
- 6 March 2014:
- Minutes published
The Vancouver IETF plenary concluded that pervasive monitoring
represents an attack on the Internet, and the IETF has begun to
carry out various of the more obvious
actions required to try to handle this attack. However, there
are additional much more complex questions arising that need
further consideration before any additional concrete plans can be
The W3C and IAB will therefore host a one-day
workshop on the topic of “Strengthening the Internet Against
Pervasive Monitoring” before IETF 89 in
London in March 2014, with support from the EU FP7 STREWS project.
Pervasive monitoring targets protocol data that we also need for
network manageability and security. This data is captured and
correlated with other data. There is an open problem as to how to
enhance protocols so as to maintain network manageability and
security but still limit data capture and correlation.
The overall goal of the workshop is to steer IETF and W3C work
so as to be able to improve or “strengthen” the Internet in
the face of pervasive monitoring. A workshop report in the form
of an IAB RFC will be produced after the event.
Technical questions for the workshop include:
- What are the pervasive monitoring threat models, and what is
their effect on web and Internet protocol security and privacy?
- What is needed so that web developers can better consider the
pervasive monitoring context?
- How are WebRTC and IoT impacted, and how can
they be better protected? Are other key Internet and web
technologies potentially impacted?
- What gaps exist in current tool sets and operational best
practices that could address some of these potential impacts?
- What trade-offs exist between strengthening measures, (e.g.
more encryption) and performance, operational or network
- How do we guard against pervasive monitoring while
maintaining network manageability?
- Can lower layer changes (e.g., to IPv6, LISP, MPLS) or additions
to overlay networks help?
- How realistic is it to not be fingerprintable on the web and
- How can W3C, the IETF and the IRTF better
deal with new cryptographic algorithm proposals in future?
- What are the practical benefits and limits of "opportunistic
- Can we deploy end-to-end crypto for email, SIP, the web, all
TCP applications or other applications so that we mitigate
pervasive monitoring usefully?
- How might pervasive monitoring take form or be addressed in
embedded systems or different industrial verticals?
- How do we reconcile caching, proxies and other intermediaries
with end-to-end encryption?
- Can we obfuscate metadata with less overhead than Tor?
- Considering meta-data: are there relevant differences between
protocol artefacts, message sizes and patterns and payloads?
Presentations will take place on Friday afternoon and on
Learn more about how to
participate, including requirements for position papers.
(This information is also available in the workshop
announcement from the IAB.)