STRINT Workshop

A W3C/IAB workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT)

28 February – 1 March 2014, London

Twitter tag

#strint

Host

IAB and W3C gratefully acknowledge the STREWS project for hosting this workshop

… and Telefónica Digital for providing the workshop facilities.

This is the agenda for the STRINT Workshop .

On this page:

Logistics/Netiquette
Workshop goals
Agenda

Logistics/Netiquette

Sessions will have at most 50% presentation material. Workshop chairs will impose strict timing on session moderators who will do the same to you! Interrupting with questions and comments is welcome but hogging the microphone will be loudly countered by the workshop and session chairs. The goal is moderated discussion and progress and not showing off slideware. Only the session moderators or presenter gets to project slides – please don't ask to project yours, because we don't have time.

There will be no individual presentations.

Each session will be moderated and has a member of the Technical Program Committee (TPC) as shepherd. For some, the moderator will present, for others, the TPC have asked someone else to present as well. If you're interested in a particular session feel free to contact any of the above and say what you think needs discussing, or bring it up on the attendee mailing list.

Attendees are assumed to have read the submissions about which they care. To help with that, please read, and contribute an abstract of your paper, to this etherpad. Presentations are to refresh memory or draw out salient points for discussion, and will not be introductory or tutorial in nature.

Laptop use is expected. We'd rather you didn't just do email or hang about on some social network, but we can't stop you. You can take photographs, but they'll be boring. The meeting may be streamed and recorded. By being there you agree to that.

It is recommended to join the chat room: IRC channel #strint on irc.w3.org. (You may see two 'bots on the channel: Zakim and RRSAgent.) For off-the-record comments (not logged), please use “/me” (e.g.: /me needs coffee). There is also a Web interface to IRC.

Streaming audio: http://nagasaki.bogus.com:8000/stream10

Invitees will be subscribed to the workshop attendees discussion list, (strint-attendees@lists.i1b.org, public archive) and are expected to begin the discussion before the workshop.

Workshop goals

The STRINT workshop starts from the position that Pervasive Monitoring (PM) is an attack. While some dissenting voices are expected and need to be heard, that is the baseline assumption for the workshop, and our high-level goal is to provide some more consideration of that and how it ought affect future work within the IETF and W3C.

At the next level down the goals of the STRINT workshop are to:

Discuss and hopefully come to agreement among the participants on concepts in PM for both threats and mitigation, e.g., “opportunistic” as the term applies to cryptography.
Discuss the PM threat model, and how that might be usefully documented for the IETF at least, e.g., via an update to BCP72.
Discuss and progress common understanding in the trade-offs between mitigating and suffering PM.
Identify weak links in the chain of Web security architecture with respect to PM.
Identify potential work items for the IETF, IAB, IRTF and W3C that help mitigate PM.
Discuss the kinds of action outside the IETF/W3C context might help those done within the IETF/W3C.

Agenda

Details will likely evolve as a result of attendee-list discussion between now and the workshop. Note that it is not possible to have break-outs on Friday. Saturday break-outs will be planned during breaks Friday and overnight. Each session has some TPC member(s) as a shepherd who are arranging materials and presenters (see above).

Time	Topic
Friday 28 February
Minutes from Friday 28 February
13:00	Registration, Coffee, play with n/w, power, find seat
14:00	Workshop starts, welcome, logistics, opening/overview [slides] Goal is to plan how we respond to PM threats Specific questions to be discussed in sessions Outcomes are actions for IETF, W3C, IRTF, etc.
14:30	I. Threats – What problem are we trying to solve? (Presenter: Richard Barnes; Moderator: Cullen Jennings) [slides] What attacks have been described? (Attack taxonomy) What should we assume the attackers' capabilities are? When is it really “pervasive monitoring” and when is it not? Scoping – what's in and what's out? (for IETF/W3C)
15:30	Break
16:00	II. COMSEC 1 – How can we increase usage of current COMSEC tools? (Presenter: Hannes Tschofenig; Moderator: Leif Johansson) [slides] Whirlwind catalog of current tools Why aren't people using them? In what situations are / aren't they used? Securing AAA and management protocols – why not? How can we (IETF/W3C/community) encourage more/better use?
17:30	Break
17:45	III. Policy – What policy / legal/ other issues need to be taken into account? (Presenter: Christine Runnegar; Moderator: Rigo Wenning) [slides] What non-technical activities do we need to be aware of? How might such non-technical activities impact on IETF/W3C? How might IETF/W3C activities impact on those non-technical activities?
18:30	Session IV – Saturday plan, open-mic, wrap up day
19:00	Social event
Saturday 1 March
Minutes from Saturday 1 March
09:00	Welcome again, logistics
09:15	IV. COMSEC 2 – What improvements to COMSEC tools are needed?(Presenter: Mark Nottingham; Moderator: Steve Bellovin) [slides] Opportunistic encryption – what is it and where it might apply Mitigations aiming to block PM vs. detect PM – when to try which?
10:30	Break
10:45	V. Metadata – How can we reduce the metadata that protocols expose? (Presenter: Alfredo Pironti [slides] /Ted Hardie [slides]; Moderator: Alissa Cooper [slides]) Meta-data, fingerprinting, minimisation What's out there? How can we do better?
12:00	Lunch (Buffet)
13:00	VI. Deployment – How can we address PM in deployment / operations? (Presenter: Eliot Lear; Moderator: Barry Leiba) [slides] “Mega”-commercial services (clouds, large scale email & SN, SIP, WebRTC…) Target dispersal – good goal or wishful thinking? Middleboxes: when a help and when a hindrance?
14:30	Break
15:00	VII. 3 x Break-out Sessions / Bar-Camp style (Hannes Tschofenig) Content to be defined during meeting, as topics come up Sum up at the end to gather conclusions for report
15:00	Break-out#1 – Research Questions (Moderator: Kenny Paterson) Do we need more/different crypto tools? How can applications make better use of COMSEC tools? What research topics could be handled in IRTF? What other research would help?
	Break-out#2 – TBD
	Break-out#3 – TBD
16:15	VIII. Break-out reports, Open mic & Conclusions – What are we going to do to address PM? [slides] Gather conclusions / recommendations / goals from earlier sessions
17:15	End