Standards Opportunities: IETF on E2E Encryption for Communications

Posted on October 7th, 2015

As indelible parts of modern communication, email and real-time communications are unlikely to change significantly in the near future. As messaging capabilities expand across a proliferating number of devices and we find more ways to incorporate Internet-based communication into our daily lives, improving the security of Internet communications should be a central concern. We’ve reached a critical time for improving messaging encryption and associated features, along with the secure protocols we use to transfer our information, and a number of organizations are working in this arena.

In a recent article, Kathleen Moriarty, Security Area Director of IETF, addressed some of the challenges involved in end-to-end (e2e) message encryption, posing the question “Can it be done?” The article references several important encryption standards on the scene for secure email transmissions.

Standards such as OpenPGP and IETF’s S/MIME represent very positive contributions to the ultimate goal of e2e email encryption. Unfortunately, technologies such as these sometimes present vulnerabilities in the creation and sharing of encryption keys. As this important field grows, it is increasingly obvious that there is a tremendous need for solutions that conform to the OpenStand Principles.

The article also notes that XMPP, the protocol used by the types of instant messaging associated with social media and intranet communication, already has e2e encryption capabilities, which need to be strengthened. XMPP’s Off-the-Record (OTR) encryption support, while easy to use, could be more feature-rich, and the encryption itself has been described by industry experts as having room for improvement.

Fortunately, the XMPP developer community has not ignored these issues, and a number of interested participants (including some XMPP working group members) have already established plans for new features that they would like to roll out. Some of the proposed features include:

  • The ability to send encrypted messages when the recipient is offline, where the recipient can read the messages when they come back online
  • E2e encrypted group chat
  • Improved security and reliability of the e2e encryption solution for messaging
  • ‘Device mobility’ or the ability to send and receive messages on any of your devices
  • Added accountability, to know who has the ability to read messages and who has the ability to confer that ability to others

It is our desire to see participants developing next-generation e2e standards embrace the OpenStand Principles, to help ensure the standards for encryption are created with the broadest possible consensus. With regard to the XMPP encryption standards, the IETF is an affirming partner of the OpenStand Principles and a solid place to join to help define tomorrow’s messaging encryption standards.
