The Internet standards process
Ian Brown
Overview
•
•
•
•
•
What standards need setting?
Protocols – the IETF and the ITU
Approaches to wiretapping
Approaches to patents
Domain names and addresses
Ideal of open standards
• Many different client and server applications give user
choice, competition on features and price, and resistance
to catastrophic attacks
Communications protocols
• Define the format and sequence of messages that
pass between two or more communicating
processes on one or more processors
• Can be closed (many proprietary systems), open
(standards-based) or open with proprietary
extensions
What does a protocol look like?
HELO machinename
250 Looks good to me
MAIL FROM: I.Brown
250 OK
RCPT TO: I.Brown
250 OK
DATA
354 Enter Mail, end by a line with only '.'
Message text
250 Submitted & queued (0/msg.28043-0)
Competition implications
• Closed protocols can be used to leverage a
monopoly in one area (e.g. desktop operating
system) into another (e.g. server software)
• Protocol analysers and reverse engineering can
be used to discover details of protocols – arms
race
Internet Engineering Task Force
• First met in San Diego in
1986 with 21 attendees
• Forthcoming meeting in
Minneapolis is 73rd in series
• Attendance peaked at 3,000
in 2000 and is still around
2,000, 3 times a year
IETF working groups
• All IETF protocols developed in ~120 working
groups in one of 8 areas
• Groups make decisions by “rough consensus and
running code”
• Consensus must be found on mailing lists rather
than at physical meetings
Example IETF working groups
•
•
•
•
•
•
•
•
•
•
avt Audio/Video Transport
behave Behavior Engineering for Hindrance Avoidance
dccp Datagram Congestion Control Protocol
enum Telephone Number Mapping
ieprep Internet Emergency Preparedness
ippm IP Performance Metrics
ips IP Storage
iptel IP Telephony
megaco Media Gateway Control
midcom Middlebox Communication
IETF process
• Protocol documents begin life as “Internet drafts”
(currently over 1,000)
• Successful drafts become Requests for
Comments (RFCs)
• RFCs can be standards-track (proposed, draft or
full), Informational, Experimental or Best Current
Practice
ITU-T
• International Telecommunications Union (Telecoms
sector)
• Part of United Nations system where governments and
companies coordinate telecoms networks and services
• Work done in “study groups” mostly by corporate staff
but needs to be agreed by government representatives
ITU process
• Much lower volume communication than IETF
• Work tends to progress more slowly and mainly at
Geneva meetings
Example ITU study groups
• Study Group 13 Multi-protocol and IP-based networks and their
internetworking
Lead Study Group for IP related matters, B-ISDN, Global
Information Infrastructure and satellite matters.
• Study Group 16 Multimedia services, systems and terminals
Lead Study Group on multimedia services, systems and terminals,
e-business and e-commerce.
• Study Group 17 Data Networks and Telecommunication Software
Lead Study Group on frame relay, communication system security,
languages and description techniques.
Other relevant bodies
• W3C – World Wide Web Consortium
• ETSI – European Telecommunications Standards
Institute
• IEEE – Institute for Electrical and Electronics
Engineering
• ISO – International Standards Organisation
Approaches to “lawful access”
• Wiretapping requirements imposed by legislation
(e.g. Communications Assistance to Law
Enforcement Act of 1994 in US, Regulation of
Investigatory Powers Act 2000 in UK)
• Requirements placed on manufacturers in US,
ISPs and phone companies in both countries
Lawful access requirements
• Undetectable to subject
• Invisible to unauthorised personnel and other
interceptors
• Any available decryption keys should be provided
• Only authorised information should be provided
IETF approach
• FBI requested wiretapping capability in Megaco
protocol
• IETF created mailing list to debate; 500
participants
• Plenary debate at Washington DC meeting; very
few in favour, many against, majority silent
IETF decision
• “The IETF has decided not to consider requirements for
wiretapping as part of the process for creating and
maintaining IETF standards”
• 1. Inappropriate in global standards – different legal and
privacy requirements
• 2. Would increase protocol complexity and decrease
security
• 3. End-to-end security makes unworkable
• 4. Otherwise, many facilities already available
Ongoing IETF debate
• “the IETF believes that mechanisms designed to facilitate
or enable wiretapping, or methods of using other facilities
for such purposes, should be openly described, so as to
ensure the maximum review of the mechanisms and
ensure that they adhere as closely as possible to their
design constraints.”
• Cisco Architecture for Lawful Intercept in IP Networks
(RFC 3924)
ETSI approach
• “The Technical Committee on Lawful Interception
(TC LI) is the leading body for lawful interception
standardization within ETSI. Lawful interception
standards have also been developed by ETSI
technical bodies AT, TISPAN (/SPAN and
TIPHON™), TETRA, and by 3GPP™”
ETSI standards
•
•
•
•
•
•
•
•
•
•
ES 201 671 Telecommunications Security; Lawful Interception (LI); Handover Interface
for the Lawful Interception of Telecommunications Traffic (revised version).
ES 201 158 Telecommunications Security; Lawful Interception (LI); Requirements for
Network Functions
TS 102 234 Telecommunications Security; Lawful Interception (LI); Service-specific
details for internet access services;
TS 102 233 Telecommunications Security; Lawful interception (LI); Service-specific
details for e-mail services
TS 102 232 Telecommunications Security; Lawful Interception (LI); Handover
Specification for IP Delivery
TS 101 671 Telecommunications Security; Lawful Interception (LI); Handover interface
for the lawful interception of telecommunications traffic.
TS 101 331 Telecommunications Security; Lawful Interception (LI); Requirements of
Law Enforcement Agencies
TR 102 053 Telecommunications Security; Lawful Interception (LI); Notes on ISDN
lawful interception functionality.
TR 101 944 Telecommunications Security; Lawful Interception (LI); Issues on IP
Interception.
TR 101 943 Telecommunications Security; Lawful Interception (LI); Concepts of
Interception in a Generic Network Architecture.
Patent issues
• Open standards of limited use if they require
patent-protected technology
• Very popular with patent owners!
• Standards bodies now addressing issue to a
greater or lesser extent
IETF IPR policy
•
•
•
“This page provides a mechanism for filing Disclosures about intellectual
property rights (IPR) and for finding out what IPR Disclosures have been filed.”
https://datatracker.ietf.org/public/ipr_disclosure.cgi
“The IETF takes no position regarding the validity or scope of any intellectual
property rights or other rights that might be claimed to pertain to the
implementation or use of the technology described in any IETF documents or
the extent to which any license under such rights might or might not be
available; nor does it represent that it has made any independent effort to
identify any such rights.”
“The IETF invites any interested party to bring to its attention any copyrights,
patents or patent applications, or other proprietary rights that may cover
technology that may be required to implement this standard. Please address
the information to the IETF at ietf-ipr@ietf.org."
W3C IPR policy
• “Whenever possible, technical decisions should be made
unencumbered by intellectual property right (IPR) claims. To this end,
W3C discloses to the entire Membership which organizations have
made IPR claims about a particular technology, as well as the details
of those claims where they have been provided. Individuals should
immediately disclose any IPR claims they know may be essential to
implementing a Recommendation track technical report.”
• Goes further than IETF RAND target
Domain names
• Domain Name System maps IP addresses
(128.16.64.182) to Fully-Qualified Domain Names
(happy.cs.ucl.ac.uk)
• Overseen by ICANN, managed by registrars and
registrants
• International controversy (US control of process and root
servers)
• Trouble with trademarks