Wednesday, May 20, 2020

3.1 Background on IPsec, IETF and RFCs

The Internet Engineering Task Force (IETF) is where protocol specifications for the Internet come from.  There is an entire Area within IETF (an "area" is the largest size organizational group in IETF, equivalent to a division of the American Physical Society, I would guess) dedicated to security, which charters many (more than twenty) different working groups.  Security is MUCH, MUCH MORE than cryptography, but
an important area of work is developing the network protocols that allow real systems to use the cryptographic techniques discovered by the mathematicians.  Moreover, theorists are inevitably naive about how much work it is to actually use their ideas.

One of the most important means of securing your communications is IPsec, which builds a "tunnel" inside of which ordinary IP packets can be carried transparent to their origin and destination (meaning your laptop and the server don't have to be be configured to handle the encryption; they deal in unmodified, unencrypted IP packets) but protected as they transit public networks.

IPsec is complex and has been updated many times.  The Wikipedia page on it (which might be an easier entry point than the IETF indices, which are organized chronologically) lists over 40 standards-track documents, probably totaling over a thousand pages, some of which are outdated and some of which are still current.

Those documents are what are known as RFCs, or Request for Comments documents.  They have different levels of authority, ranging from Experimental and Informational to Standard.  Reaching Standard can take decades and numerous iterations as the working groups gradually converge on what works in the real world, intersecting with what people will actually implement and use, but protocols are often de facto standards long before reaching that platinum frequent flyer status.

No comments:

Post a Comment