Categories
Building Trust IETF Privacy

Edward Snowden Highlights Identity and Privacy at IETF 93

Sunday night, a group of IETF 93 attendees organized an unofficial, but unique event[1]. Edward Snowden was a surprise (remote participant) guest in a question and answer session after a screening of the documentary Citizenfour. It was movie night at the IETF – a first in all my many years in this community.

The obvious highlight of the evening was the live discussion with Mr. Snowden. It was both interesting and inspirational, especially through the lens of our ISOC work. It included topics ranging from ownership of the Internet to the vital role of specific technologies in improving privacy. All of the discussion was framed in terms closely aligned with our ISOC mission that “the Internet is for everyone” and a safe Internet promotes human rights.

Mr. Snowden discussed who the Internet is for and who controls it. He stated that “governments or countries don’t own the Internet, the public does.” He called on the community to make the Internet safe for everyone all the time, and not to allow others to determine who is safe and who is not. He reminded the IETF that users of the Internet are the ultimate customers of our products. “We should ensure our protocols follow users’ intent.”

Moving on from general topics, the discussion dove into specific technical questions. Middleboxes in particular were a frequent target of criticism with statements like “every middlebox is an increased attack surface.” He talked about the need to secure metadata along with content reminding us of the vital information included in metadata. It is well past time for emerging protocols to properly address the collection and sharing of unnecessary information.

Of particular interest to our work here at ISOC, Mr. Snowden talked about the importance of identity in this space. He talked about the need for anonymous and pseudonymous communications and the ability to separate identity from personas.

Moving further down into the technical details, there was a discussion about IEEE 802 MAC addresses and their role in tracking. Juan Carlos Zuniga mentioned the Wi-Fi privacy experiment that has been conducted at the last few IETFs which has resulted in an IEEE 802 project to define MAC address privacy. Mr. Snowden supported the work by stating, “Burned in long lasting hardware addresses are extremely dangerous.”

As the session was wrapping up, Snowden specifically called out the Cryptech effort as “awesome.” This is an activity that was initiated by conversations within the IETF community to develop an open source hardware crypto module developed in a transparent manner. In fact, just prior to the IETF there was an open workshop on cryptech where participants could install the prototype and use it to sign a DNS zone.

There were standing ovations at the beginning and end and several bouts of spontaneous applause from the appreciative audience. In my decades of IETF participation, I must say it was a first.

Special kudos to Mark Nottingham who arranged the screening, and Daniel Kahn Gillmor who arranged for Edward Snowden’s appearance. You can read more about Mark’s thoughts on the event in his own words by reading his “Snowden Meets the IETF” blog post.

Thank you for a fascinating and inspirational beginning to this week’s IETF.


[1] Editorial note: To explain a bit more, a group of individuals attending IETF 93 got together, requested meeting room space,paid for the screening of the movie and invited people to attend. This was not an official IETF activity although it was at the IETF 93 venue.

Categories
Building Trust IETF Improving Technical Security Open Internet Standards Privacy Technology

Rough Guide to IETF 93: Strengthening the Internet

Strengthening the Internet and encryption continue to be active areas for the IETF community. The news stories related to encryption just seem to keep coming. Now some governments are even considering requiring key escrow or banning encryption outright. The stakes continue to rise in this discussion. In this section of the Rough Guide, we will focus on CrypTech, the IAB Privacy and Security program, the Crypto Forum Research Group, and a few relevant IETF work groups happening at IETF 93 in Prague next week.

First, CrypTech (website: https://cryptech.is; wiki: https://trac.cryptech.is/wiki; mailing list: https://wiki.cryptech.is/wiki/MailingLists) is a project to create an open hardware cryptographic engine developed in a transparent manner. While this project is technically outside the scope of the IETF, it was originally started with the support of IETF and IAB leadership. CrypTech is making excellent technical progress, but it needs to establish more robust and stable funding.

At IETF 93, there will be several opportunities to learn more about the CrypTech project and to get involved. First, there will be a hands-on workshop on Saturday, 18 July, to learn more about the current state of the project. A detailed agenda is available here: (https://trac.cryptech.is/wiki/PrahaWorkshop) CrypTech will also be an agenda item in the saag and cfrg meetings mentioned below. This is an interesting project with great potential and many opportunities to participate and contribute.

Moving on, the Internet Architecture Board (IAB, www.iab.org), through its Privacy and Security Program (https://www.iab.org/activities/programs/privacy-and-security-program/) is continuing to work on the topic of confidentiality. A document on “Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement” (https://tools.ietf.org/html/draft-iab-privsec-confidentiality-threat-07) has been approved and is in the final steps of publication. The program is now working on a mitigations draft entitled “Confidentiality in the Face of Pervasive Surveillance” (https://tools.ietf.org/html/draft-iab-privsec-confidentiality-mitigations-02). Now is an excellent time to find some of the program participants and discuss this document with the authors.

While this is not an IETF 93 activity, the IAB is also working with the GSMA to plan a workshop on Managing Radio Networks in an Encrypted World (MaRNEW). There is still time to put together position papers if you feel you have something to contribute in this space. (https://www.iab.org/activities/workshops/marnew/) The workshop is planned for 24-25 September in Atlanta, GA, and there should be interesting results to review in time for IETF 94.

Next, the Internet Research Task Force (IRTF) Crypto Forum Research Group (cfrg, https://irtf.org/cfrg) continues to focus on use of cryptography for IETF protocols. It has been focusing extensively on the selection of new elliptic curves for use in IETF protocols, and rough consensus on this topic is documented in “Elliptic Curves for Security” (https://tools.ietf.org/html/draft-irtf-cfrg-curves-02). Hot topics at the meeting this week will include pake schemes, extended hash-based signatures, and elliptic curve signatures. Anyone interested in the future direction of cryptographic curves and algorithms would be well served to follow these discussions.

There are also a number of IETF working groups progressing efforts related to strengthening the Internet that will be meeting this week. In this post I will focus on tls and uta. Other working groups also working on strengthening the Internet are discussed in the “ DNSSEC, DANE, DPRIVE, and DNS Security” and the soon-to-come “Trust, Identity, and Privacy” Rough Guide posts.

The Transport Layer Security (tls) working group is actively working on an update to the TLS protocol (https://tools.ietf.org/html/draft-ietf-tls-tls13-07). This is a very active working group with a mailing list that is not for the faint of heart. There will be two sessions and a total of 4.5 hours of meeting time devoted to progressing the agenda. Topics for IETF 93 include known configuration mechanisms, 0-RTT, PSK and resumption, client authentication, and cipher suites among others.

Since the last IETF meeting, the Using TLS in Applications (uta) working group has published two RFCs; RFC 7525 ”Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)” (https://tools.ietf.org/html/rfc7525) and RFC 7590 “Use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP)“ (https://tools.ietf.org/html/rfc7590). This meeting will focus on enhanced email privacy and TLS/DTLS security modules.

Finally, I’d like to give a quick plug for the Security Area Advisory Group (saag) session. This is an excellent way to get a quick view of some of the security-related conversations ongoing in the IETF. This week’s session will include CrypTech along with the state of transport security in email and http. All in all, there is much to see and do in the world of Strengthening the Internet for IETF 93.

Related Meetings, Working Groups, and BoFs at IETF 93:

cfrg (Crypto Forum Research Group)
Wednesday, 22 July 2015, 1300-1530, Athens/Barcelona
Agenda: https://tools.ietf.org/agenda/93/agenda-93-cfrg.html
Charter: https://irtf.org/cfrg

tls (Transport Layer Security) WG
Tuesday, 21 July, 2015, 1520-1720, Congress Hall III,
Wednesday, 22 July 2015, 0900-1130, Grand Ballroom
Agenda: https://tools.ietf.org/wg/tls/agenda
Documents: https://tools.ietf.org/wg/tls
Charter: https://tools.ietf.org/wg/tls/charters

uta (Using TLS in Applications) WG
Tuesday, 21 July 2015, 1740-1840, Congress Hall III
Agenda: https://tools.ietf.org/wg/uta/agenda
Documents: https://tools.ietf.org/wg/uta
Charter: https://tools.ietf.org/wg/uta/charter

saag (Security Area Advisory Group)
Thursday, 23 July 2015, 1300-1500, Congress Hall II
Agenda: https://tools.ietf.org/agenda/93/agenda-93-saag.html

Follow Us

There’s a lot going on in Prague, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf93.

Categories
Improving Technical Security Open Internet Standards Technology

Rough Guide to IETF 92: Strengthening the Internet

One of our primary strategic objectives for 2015 is work related to strengthening the Internet. News continues to come in regarding the exploitation of various vulnerabilities and threats in core Internet protocols and operations. The IETF community continues to work to address these issues, as is evident from multiple activities scheduled for this week in Dallas at IETF 92

In November 2014, the Internet Architecture Board (IAB) published a statement on Internet Confidentiality urging the development and deployment of encryption technology. The IAB Privacy and Security Program continues to focus on Resilience, Confidentiality, and Trust. While all of these contribute to general strengthening of the Internet, the confidentiality area in particular is continuing work on a threat model and problem statement document: “Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement”. This document has been reviewed and updated since the last IETF and is reaching a state ready for broader community review.

The IAB research group, the Crypto Forum Research Group (cfrg) has been focusing extensively on the selection of new curves for use in IETF protocols. They will be meeting this week to discuss an update on curves, recapping where they are and where they are going. Anyone interested in the future direction of cryptographic curves and algorithms would be well served to follow these discussions. This work is also eagerly anticipated by communities outside the IETF including W3C, particularly the W3C WebCrypto WG.

There are a number of IETF working groups progressing work related to strengthening the Internet meeting this week. In this post I will focus on tls and uta. Note that other working groups related to trust, identity, and privacy will be discussed in a subsequent Rough Guide to IETF 92 blog post.

The tls (Transport Layer Security) working group is actively working on an update to the TLS protocol. They recently conducted an interim meeting in Seattle, WA, on 10-11 March 2015. Agenda items for IETF 92 include backwards compatibility, rekeying, and client authentication.

Since the last IETF meeting, the Using TLS in Applications (uta) wg has completed and forwarded a key document, “Recommendations for Secure Use of TLS and DTLS” to the RFC Editor for publication.
 
Finally, while this isn’t exactly an IETF activity, I’d again like to mention that the CrypTech project is making excellent progress in developing an open hardware cryptographic engine. This effort could eventually provide a set of open source cryptographic building blocks along with a trustworthy set of tools to be used to build more secure Internet products. Join the public mailing lists to follow progress.
 
Finally, I have mentioned this during my comments for IETF 90 and IETF 91, and I see that there still hasn’t been much activity, but there is an effort to review existing RFCs for privacy and pervasive monitoring issues. This is an excellent way to read some of those old RFCs that you never got around to. The wiki for that activity is: https://trac.tools.ietf.org/group/ppm-legacy-review/
 
Related Meetings, Working Groups, and BoFs at IETF 92:
 

  • cfrg (Crypto Forum Research Group)
    Wednesday, 25 March 2015, 1300-1500, Continental
    Charter: https://irtf.org/cfrg

Follow Us

There’s a lot going on in Dallas, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf92.

Categories
Encryption Improving Technical Security IPv6 Mutually Agreed Norms for Routing Security (MANRS) Open Internet Standards

Talking Encryption, Routing Security, IPv6, and More at Mobile World Congress

Photo: android – google space CC BY-NC-SA 2.0

Next week I’ll be at Mobile World Congress in Barcelona, Spain, talking about pervasive monitoring and additional Internet encryption, increasing routing security and resilience through the MANRS initiative, and growing IPv6 deployments in mobile operator networks. I encourage you to also read my colleague’s blog post yesterday about Kathy Brown’s keynote on the Economics of Internet Governance and Michael Kende’s panel on the regulatory enablers and obstacles to innovation of and for the mobile Internet. For today, though, I’ll focus on our technology messages.

This is a HUGE trade show for the mobile world, and it’s a great opportunity to talk to mobile operators, network equipment vendors, analysts, and others about the technology issues at the intersection of mobile networks and the Internet.

Pervasive monitoring remains a serious threat to every user of the Internet. The Internet technical community is increasing efforts to make all Internet communications more private and more secure. We support those efforts strongly and will be speaking to network operators about the practical issues of getting from where we are today to a more secure and private future.

Working collaboratively to ensure a more secure and stable routing infrastructure is also an important goal for us. To that end, I plan to speak to network operators about signing on to support the actions outlined in the Mutually Agreed Norms for Routing Security, or “MANRS” document, contained within the Routing Resilience Manifesto initiative. The more network operators who agree to the practices outlined in that initiative and who publicly declare that they support such practices, the more likely we will see a truly stable and secure network.

Finally, IPv6 deployment has been growing steadily for the past several years. There are significant mobile deployments at Verizon Wireless and T-Mobile USA in the United States, and other smaller scale deployments in mobile networks around the globe, but there is much work to be done. We would like to encourage more IPv6 uptake in mobile networks and plan to speak to operators about impediments to that progress. (As always, our Deploy360 Programme is poised to help operators get started.)

If you’re planning to attend Mobile World Congress and would like to discuss any of these issues, please drop me a note in the comments here or via our social media channels – Twitter, Facebook, or Google+. My colleague Phil Roberts and I would love to spend some time speaking with you in Barcelona.

Categories
IETF Improving Technical Security Open Internet Standards Technology

Rough Guide to IETF 91: Strengthening the Internet (STRINT) Activities Continue

The daily news stories and revelations related to pervasive Internet monitoring have slowed in recent months, but the work to strengthen the Internet (STRINT) continues within the Internet community. Now is an excellent time to take a quick look at some of the STRINT-related activities that are being discussed next week at IETF 91 in Honolulu.

First, the Internet Architecture Board (IAB), has established a Privacy and Security Program with three areas of focus: Resilience, Confidentiality, and Trust. While all of these contribute to general strengthening of the Internet, the confidentiality area in particular is actively working on a threat model and problem statement document: “Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement.” Additional details about this program will be presented at the IAB Technical Plenary on Monday evening (1850-1750 in Coral 3).

The Security Area Advisory Group (saag) has been discussing terminology over the last several months. This discussion has evolved into a draft with the fabulous title: “Opportunistic Security: Some Protection Most of the Time.” This draft is out for a second IETF Last Call which is scheduled to end on 18 November. Now is an excellent time to review the discussions on the saag and ietf mailing list archives and use the opportunity of the Honolulu face to face time to catch the key protagonists in the hallway to ask those burning questions.

The tls (Transport Layer Security) working group is actively working on an update to the TLS protocol. They just finished a two-day interim meeting in October, and they plan another pre-IETF interim meeting on Sunday (9 November 2014, 9:30 – 13:30) ahead of their regular session on Thursday. For those of you with extra space in your Inbox, this is just the working group for you. (https://www.ietf.org/mail-archive/web/tls/current/maillist.html)

Several additional working groups are taking a second look at how encryption is used within their protocols. While highlighting each one here is a bit too detailed, keep an eye out for those discussions in the individual working group meetings. One that does deserve mention is the relatively new uta (Using TLS in Applications) working group that is specifically tasked with looking at the use of TLS in applications.

The Crypto Forum Research Group is not actually meeting in person during IETF91, but the discussion related to choosing cryptographic curves has been quite active on the mailing list (https://www.ietf.org/mail-archive/web/cfrg/current/maillist.html). A successful open transparent multi-stakeholder (and yes I know those words sometimes seem overused these days, but…) process to establish consensus on cryptographic curves going forward is a key component to strengthening the Internet.

I mentioned this during my comments for IETF90, and while I see there hasn’t been much activity, I’d still like to put in a plug for it because volunteers are badly needed. There is an effort to review existing RFCs for privacy and pervasive monitoring issues. This is an excellent way to read some of those old RFCs that you never got around to. The wiki for that activity is at https://trac.tools.ietf.org/group/ppm-legacy-review/.

Finally, while this isn’t exactly an IETF activity, I’d like to mention that the CrypTech project is making excellent progress in developing an open hardware cryptographic engine. This effort could eventually provide a set of open source cryptographic building blocks along with a trustworthy set of tools to be used to build more secure Internet products. Join the public mailing lists to follow progress.

Related Meetings, Working Groups, and BOFs at IETF 90:

tls (Transport Layer Security) WG
Thursday, 13 Nov 2014, 900-1130, Coral 5
Agenda: https://tools.ietf.org/wg/tls/agenda
Documents: https://tools.ietf.org/wg/tls
Charter: https://tools.ietf.org/wg/tls/charters

uta (Using TLS in Applications) WG
Tuesday, 11 Nov 2014, 900-1130, Coral 2
Agenda: https://tools.ietf.org/wg/uta/agenda
Documents: https://tools.ietf.org/wg/uta
Charter: https://tools.ietf.org/wg/uta/charter

Follow Us

There’s a lot going on next week, and whether you plan to be there or join remotely, there’s much to follow. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf91.

Categories
Building Trust IETF Improving Technical Security Open Internet Standards Technology

Rough Guide to IETF 90: Strengthening the Internet

The pervasive monitoring revelations over the past year have galvanized the Internet technical community around the topic of Strengthening the Internet (STRINT). The community responded with an Internet Architecture Board (IAB) technical plenary at IETF 88 and a joint IAB/W3C workshop prior to IETF 89 in London. A summary of the workshop is provided in our latest issue of the IETF Journal. The full set of papers and presentations is available at the workshop website. Now is an excellent time to take a quick look at some of the STRINT-related activities that are being discussed this week in Toronto at IETF 90.
 
The IETF community established consensus around the fact that pervasive monitoring is an attack with the publication of RFC 7258 “Pervasive Monitoring Is an Attack”. The next topic to be addressed is terminology. While the topic can seem mundane and frustrating, having a common set of well understood terms is one of the key factors to a productive discussion leading to community consensus. The Security Area Advisory Group (saag) has been discussing terminology over the last few months primarily through two drafts. The first draft (http://tools.ietf.org/draft- draft-dukhovni-opportunistic-security-01) is in the middle of an IETF Last Call. Now is a good time to review and comment on that document. Additionally, there is a more general draft on terminology in the works (draft-kent-opportunistic-security-01).
 
The Internet Architecture Board (IAB) has established a Security and Privacy Program with three areas of focus: Internet Scale Resilience, Confidentiality, and Trust. Members of this program will hold their first meeting during the week here in Toronto. One of the specific STRINT-related work items for the IAB will be the discussion of the pervasive monitoring threat model based on the draft (http://tools.ietf.org/html/draft-barnes-pervasive-problem-01).
 
Several working groups are taking a second look at how encryption is used within their protocols. While highlighting each one here is a bit too detailed, keep an eye out for those discussions in the individual work group meetings. One that does deserve mention is the relatively new uta (Using TLS in Applications) Working Group that is specifically tasked with looking at the use of TLS in applications. This is only their second IETF as a working group.
 
Also of interest is IRTF Crypto Forum Research Group, the cfrg. With the increased interest in encryption and the desire to have more standards track cryptographic algorithms, the profile of the cfrg has increased here at IETF. This meeting will focus on ChaCha20 and Poly1305, hash-based signatures, and elliptic curve cryptography.
 
Beyond the incorporation of more encryption in developing protocols, there is also an effort to review existing RFCs for privacy and pervasive monitoring issues. This is an activity that is looking for additional volunteers and is an excellent way to read some of those old RFCs that you never got around to. The wiki for that activity is:
https://trac.tools.ietf.org/group/ppm-legacy-review/
 
Finally, the CrypTech project is looking to develop an open hardware cryptographic engine (see our blog post on CrypTech for more information). The leaders of this project will be having another Wednesday lunch meeting to discuss its design and status. This effort could eventually provide a set of open source cryptographic building blocks along with a trustworthy set of tools to be used to build more secure Internet products.
 
Related Meetings, Working Groups, and BoFs at IETF 90
 
uta (Using TLS in Applications) WG
Agenda: https://tools.ietf.org/wg/uta/agenda
Charter: https://tools.ietf.org/wg/uta/charter
Tuesday, 22 July 2014; 900-1130
 
IRTF cfrg (Crypto Forum Research Group)
Agenda: https://tools.ietf.org/agenda/90/agenda-90-cfrg.html
Wednesday, 23 July 2014; 1300-1500
 

Categories
Building Trust Improving Technical Security Open Internet Standards Privacy Technology

Pervasive Internet Surveillance – The Technical Community’s Response (So Far)

A little over a year ago, we learned about pervasive monitoring and interception of Internet traffic by governments. The biggest surprise wasn’t that these tools and programs exist, but the scope and scale of them that indicated to the technical community that this is a major threat to all users. In this post, we look at the responses from the technical community so far to mitigate this attack. There is also a companion piece on our Public Policy Blog examining policy responses to date.

Early on, the Internet Society expressed deep concerns about online surveillance and the need for an open global dialogue on online privacy and security, noting: “This kind of collection of user information is at odds with the commitments that governments around the world have made with respect to protection of personal data and other human rights.”

The Internet technical community has galvanised in its resolve against pervasive monitoring and is working to make the Internet more resilient in the face of such attacks. In November 2013, the Internet Engineering Task Force (IETF) declared that pervasive monitoring represents an attack on the Internet. This was followed by the adoption of RFC 7258: “Pervasive Monitoring Is an Attack,” which indicates that monitoring “should be mitigated in the design of IETF protocols, where possible.”

Even before we learned of widespread surveillance, the technical community was working to reduce users’ exposure to the results of mistaken or malicious certificates. Certificate transparency provides a system where certificates used to protect Internet communication can be monitored and audited in an open manner. It helps make connections using HTTPS, for example, less susceptible to interception or impersonation, and is used as a general security measure by guarding against broad Internet security attacks to make Web browsing safer. The Internet Society runs the log server code and we look forward to extending the service as both code and protocols are advanced. We are collaborating with organizations such as Google and NorduNET in this work.

The IETF is also pursuing work regarding the viability of more widespread encryption. Some believe that encryption with strong authentication should be used extensively. Others believe there are practical obstacles to this approach, including a lack of reasonable tools and understanding of how to use the technology, plus obstacles to scaling infrastructure and services with existing technologies. As a result, the discussion within the IETF has focused on addressing opportunistic encryption and weak authentication. “Weak authentication” means cryptographically strong authentication between previously unknown parties without relying on trusted third parties. The ability to deploy such solutions is much easier, and while it shouldn’t give a user higher confidence in the authenticity of a resource, it helps against pervasive passive monitoring.

Another example of technical community action is the organization of CRYPTECH.IS – a loose international collection of engineers working to improve assurance and privacy on the Internet. We are excited support this work that aligns with Internet Society goals (a) to advance the work of open standards bodies such as the IETF and W3C, (b) to strengthen the Internet, (c) to limit the corrosive effects of mass surveillance, and (d) to improve privacy on the Internet. This group is developing open source tools for cryptography that are used as building blocks for Internet communications. The initial projects are an open crypto chip design and prototype(s), and an assured tool chain (basic elements such as compilers, operating systems, and hardware design tools). The intent is that the resulting open-source hardware cryptographic engine can be built by anyone from public hardware specifications and open-source firmware. (Stay tuned to this Internet Technology Matters blog for a future post about the Cryptech effort.)

What’s next?   

The Internet has flourished and expanded because it is open, resilient, interconnected, and interdependent. It’s an ecosystem based on collaboration and shared responsibility from all stakeholders, including governments, the technical community, civil society, the private sector, and academia, among others.

We’re already making important progress within and across communities on a variety of technical and policy initiatives that share the common goals of:

  • Striving to protect Internet users’ communications from unwarranted monitoring and interception; and
  • Restoring trust in the Internet, its technologies, applications, and services.

There is no single answer to preventing massive surveillance. The only way to make the Internet more secure, more resilient, more robust, and with more privacy is through all of us working collaboratively to make it that way. It’s time for us all to do our part to make the Internet stronger.

We urge you to get involved with the Internet Society, the IETF, or any of the initiatives listed in this post.