Implementing Internet standards and protocols for a safer internet

IGF Pilot project deployment of internet standards

In the past two years proposals have been formulated how to improve the IGF. One of the proposals was to run a pilot project that addresses a complex internet issue with the intention to accelerate the existing process through active reach out and to instigate cross-sectoral work on the formulation of potential recommendations, solutions and future actions. The MAG agreed to have such a pilot project on one condition: it needs to be self-funded.

The pilot project aims to improve internet safety for all end users by advancing implementation of agreed, security-relevant Internet standards, by bringing together key stakeholders to recommend joint ways forward to ensure swift implementation. As examples six standards have been selected by involved experts: DNSSEC, RPKI, BCP 38, OWASP top 10, ISO 27001 and the framework of the Secure Software Foundation. This selection allows to address different organisations from a wide section across the internet community, as they do not address one single community; not in the origination of the standards, nor in the type of organisation they address in deploying.

Would you like to be kept up to date on this project? You can join the mailing list over here.

The main project goals are: 

  •  Reaching out to stakeholders that have not been actively involved to date (e.g. policy makers, parliamentarians, consumer organisations) and connect them with the technical community and industry; 
  • Learn what the key causes for slow or fast implementation are;
  • To formulate recommendations and future actions to ensure a swift implementation of said internet standards;
  • To facilitate cooperation between the new stakeholders, industry and the technical community to ensure swifter future implementation of standards and protocols. 

Project Details

This project will bring the issue of slow implementation of said standards and protocols to a new group of key stakeholders: policy makers, parliamentarians and consumer organisations. These groups have a direct interest in making the Internet safer but often lack the technical know-how to advance implementation. In addition, they are often not familiar with the multistakeholder system that underpins the internet and do not know how to navigate or impact the system. 

The aim of including these stakeholders are two-fold: 

  • To inform these groups of the risks of slow implementation and the effects it can have on the people on whose behalf they work;
  • To present existing solutions to them. 

In addition, we will engage with industry to ascertain what the main causes of slow implementation are. 

Bringing these actors into contact with the technical community creates a new dynamic in which politics, interest organisations and industry will not only realise the urgency of the current situation but also learn of existing solutions and create new ones. This collaboration could lead to mutually beneficial solutions that ensure a swifter implementation, and therefore, a safer internet for all involved. 

As this is a pilot, a limited number of reach-out workshops are planned at the German, Dutch, Polish, European Parliaments and the Inter-Parliamentary Union. Also a workshop at BEUC, the European organisation of consumer organisations, is foreseen.

On these pages the final report will be drafted. Should you wish to cooperate you can register here and join the mailing list.

The project is self-funded. Should you wish to contribute financially or in kind, you can make yourself known to the project team via [email protected]



Wout de Natris,  De Natris Consult

Marten Porte, Porte Consultancy

Repository Initiatives Internet standards

Initiative

Manufacturer

Aims

URL

internet.nl 

Dutch Internet Standards Platform

Jointly increase the use of modern Internet standards to make the Internet more accessible, safer and more reliable for everyone

https://internet.nl 

Deploy 360

Internet Society

Bridge the gap between the IETF standards process and final adoption of those standards by the global operations community

https://www.internetsociety.org/deploy360/ 

Ready to ROA

APNIC

Get more APNIC-members to deploy RPKI

https://blog.apnic.net/2015/01/16/get-ready-to-roa/ 

RPKI Handout

AFRINIC

Provide AFRINIC members with information about RPKI

https://afrinic.net/handout-rpki 

Workshop ‘Master the Routing Registry & RPKI’

AFRINIC

Provide AFRINIC members with the technical knowledge to implement RPKI

https://learn.afrinic.net/irrpki 

RPKI (FAQ)

LACNIC

Provide LACNIC members with answers to their questions about RPKI

https://www.lacnic.net/1150/1/lacnic/rpki-faq 

DNSSEC (FAQ) LACNIC Provide LACNIC members with answers to their questions about DNSSEC https://www.lacnic.net/1145/2/lacnic/dnssec

FORT Project: Routing Security for a Free and Open Internet

LACNIC

Increase the routing system’s security and resilience by promoting RPKI resource certification through the implementation of a validator developed jointly by LACNIC and NIC Mexico

https://www.lacnic.net/3605/2/lacnic/fort-project:-routing-security-for-a-free-and-open-internet 

Registrar Scorecard (RSC)

SIDN

Increase the adoption of internet standards through financial incentives

https://www.sidn.nl/nieuws-en-blogs/registrar-scorecard-een-programma-gericht-op-kwaliteit 

Tutorial - How to Certify Your ARIN Resources with RPKI

ARIN

Show ARIN members how to use RPKI

https://youtu.be/IO5T30Ly8po 

Open Standards Everywhere project

Internet Society

See an increase in security and availability of web servers across the Internet through the usage of TLS, DNSSEC, IPv6, and HTTP/2

https://www.internetsociety.org/blog/2020/01/introducing-our-open-standards-everywhere-project-securing-web-servers-in-2020/

Good practices guide for deploying DNSSEC

ENISA

Spread good practices on DNSSEC

 https://www.enisa.europa.eu/publications/gpgdnssec/at_download/fullReport

OWASP top 10 Security check

Consumentenbond (Dutch Consumer Organisation)

Check webshop security on the basis of OWASP top 10

https://www.consumentenbond.nl/online-kopen/veiligheidslekken-bij-webwinkels

Range of OWASP projects

OWASP

Promote different aspects of OWASP

https://owasp.org/projects/ 

SME Guide on Information Security Management

European Digital SME Alliance

Help SMEs better understand ISO/IEC 27001 and assist them in its concrete implementation

https://www.digitalsme.eu/new-sbs-guide-information-security-management-standard-iso27001-made-easy-smes/

ISO 27001 certification in 10 easy steps

IT Governance Asia

Assist in obtaining ISO 27001 certification

https://www.itgovernance.asia/blog/iso-27001-certification-in-10-easy-steps

 

 

 

 

Please send contributions to the repository to: [email protected]