Russ Housley is the first chair of the IETF with a particular expertise in network security. Housley, who runs consulting firm Vigil Security, has been active in the IETF for nearly 20 years and helped write early e-mail security and public key infrastructure standards. Three months into his job as chair of the leading Internet standards body, Housley talked with Carolyn Duffy Marsan about his strategy for bolting better security onto the freewheeling Internet.
What do you hope to accomplish as IETF chair?
My focus as IETF security area director was continuous, incremental improvement of the security of the Internet. As IETF chair, I want to continue with that. I also want to pursue continuous, incremental improvement of the entire Internet and continuous, incremental improvement of the IETF standards process.
What do you mean when you say your goal is continuous, incremental improvement for the Internet overall? Can you give me three specific goals?
Rollout of IPv6 is clearly one of them. Another is rollout of DNS security. And my personal hope is that the SIDR [Secure Inter-Domain Routing] working group leads to security improvements in Internet routing.
Why take on this time-consuming, volunteer job?
[Laughs.] I don't have a good answer for that. I care about the community. I guess that is what it really comes down to. I could only do it because I got a sponsor. VeriSign is giving me a check a month, and the National Security Agency is paying my travel costs. Vigil Security is my own business. It's just me, and my wife pays the bills.
How long do you expect to be IETF chair?
My term is two years, and then I'll make an assessment. It's not fair to ask me three months into the job whether I'll seek another term. My predecessor said it took a year to learn the job and another year to get comfortable doing it. Just as you're getting comfortable, your term is over.
You are the first security expert to head the IETF. Why is it important to have a security expert lead the group now?
Being a good manager and a security guy are not mutually exclusive. Clearly we need someone to continue the security improvements that have been started by [the two previous IETF chairs.] Security is where the Internet has the biggest need for improvement. So I look forward to working with the two area directors that have security as their key focus. Maybe with the three of us, we'll be able to make more rapid progress.
Many of the IETF's original protocols were designed without built-in security. How hard will it be for the IETF to go back and rework these protocols to require security?
Usually bolting security on after the fact leads to an incomplete solution, but that's what we're going to have to have. It's not possible to turn off the Internet today and start up the secure Internet tomorrow. It just can't be done, and no one would tolerate the outage if we could. The genesis of my continuous, incremental improvement philosophy is realizing that we can't turn off the insecure Internet and turn on a more secure Internet even if we had consensus for what that meant.
Do IETF participants have the will to go back and fix insecure parts of the Internet? For example, everyone knows about the lack of security in HTTP, but there seems little will within the IETF to fix the HTTP authentication problem.
That's because in the case of HTTP, and I suspect in many others, there's little agreement about what's the most important security feature to add. When you say that we'll just fix the most egregious things, then you get into an argument about where to draw the line. In the case of HTTP, the biggest concern is authentication and that is primarily solved by [Transport Layer Security]. Why not mandate TLS? That's a very good question. There's not a Web server on the market that doesn't have TLS. Will we have the will to fix the security problems? Sometimes. [Domain Keys Identified Mail] is an add-on to the mail environment that we're developing. The work was done in the security area, but the whole idea came from the applications folks. I think we'll continue to see approaches like that where we can each see the benefits. But it's not going to be a complete overhaul of the e-mail system. Instead, it will be a fix for a particular concern.
Has there been a shift in attitude about security in the IETF in recent years?
Certainly. People think about security now, but for many people it's not the primary reason they are here. They're here to add a routing feature or add a particular capability to a particular application or to improve deployability of IPv6 or something like that.