IETF floats plan to PRISM-proof the Internet
Proposal hopes to 'resist or prevent all forms of covert intercept capability'
The Internet Engineering Task Force (IETF) has posted “PRISM-Proof Security Considerations” aimed at making it much harder for governments to implement programs like the PRISM effort whistleblower Edward Snowden exposed as one of the tools in the NSA's spookery toolbag.
The proposal has just one author - Phillip Hallam-Baker of the Comodo Group – which makes it a little unusual as most IETF proposals are the work of several folks in pursuit of a common goal. The document is only a draft hoped to one day reach the standards track of the IETF's various efforts, so has little weight at present.
The proposal suggests the internet be re-engineered with “a communications architecture that is designed to resist or prevent all forms of covert intercept capability. The concerns to be addressed are not restricted to the specific capabilities known or suspected of being supported by PRISM or the NSA or even the US government and its allies.”
Sadly the paper is a little light on for actual ideas about how the internet can be PRISM-proofed, offering “a security policy infrastructure and the audit and transparency capabilities to support it” as one item that should be on any hardening effort's to-do list. More use of cryptography is also proposed, so that “two layers of public key exchange using the credentials of the parties to negotiate a temporary key which is in turn used to derive the symmetric session key used for communications”. That regime should, Hallam-Baker suggests, make it harder to snoop on everyday traffic. ®