Skip Links

Q&A: Security top concern for new IETF chair

Leading standards body gets serious about bolstering Internet security

By , Network World
July 26, 2007 01:49 PM ET

Network World - CHICAGO — Russ Housley is the first chair of the IETF with a particular expertise in network security. Housley, who runs consulting firm Vigil Security, has been active in the IETF for nearly 20 years and helped write early e-mail security and public key infrastructure standards. Three months into his job as chair of the leading Internet standards body, Housley talked with Network World National Correspondent Carolyn Duffy Marsan about his strategy for bolting better security onto the freewheeling Internet.

What do you hope to accomplish as IETF chair?

My focus as IETF security area director was continuous, incremental improvement of the security of the Internet. As IETF chair, I want to continue with that. I also want to pursue continuous, incremental improvement of the entire Internet and continuous, incremental improvement of the IETF standards process.

What do you mean when you say your goal is continuous, incremental improvement for the Internet overall? Can you give me three specific goals?

Rollout of IPv6 is clearly one of them. Another is rollout of DNS security. And my personal hope is that the SIDR [Secure Inter-Domain Routing] working group leads to security improvements in Internet routing.

Why take on this time-consuming, volunteer job?

[Laughs.] I don’t have a good answer for that. I care about the community. I guess that is what it really comes down to. I could only do it because I got a sponsor. VeriSign is giving me a check a month, and the National Security Agency is paying my travel costs. Vigil Security is my own business. It’s just me, and my wife pays the bills.

How long do you expect to be IETF chair?

My term is two years, and then I’ll make an assessment. It’s not fair to ask me three months into the job whether I’ll seek another term. My predecessor said it took a year to learn the job and another year to get comfortable doing it. Just as you’re getting comfortable, your term is over.

You are the first security expert to head the IETF. Why is it important to have a security expert lead the group now?

Being a good manager and a security guy are not mutually exclusive. Clearly we need someone to continue the security improvements that have been started by [the two previous IETF chairs.] Security is where the Internet has the biggest need for improvement. So I look forward to working with the two area directors that have security as their key focus. Maybe with the three of us, we’ll be able to make more rapid progress.

Many of the IETF’s original protocols were designed without built-in security. How hard will it be for the IETF to go back and rework these protocols to require security?

Usually bolting security on after the fact leads to an incomplete solution, but that’s what we’re going to have to have. It’s not possible to turn off the Internet today and start up the secure Internet tomorrow. It just can’t be done, and no one would tolerate the outage if we could. The genesis of my continuous, incremental improvement philosophy is realizing that we can’t turn off the insecure Internet and turn on a more secure Internet even if we had consensus for what that meant.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News