Security (SEC) is one of the areas of work at the IETF. It consists of working groups focused on security and privacy protocols, and supports the appropriate application of security mechanisms in the protocols being developed in other areas of the IETF. The 25 Security area working groups and the 3 co-managed in the Applications and Real-Time area working groups are focused on:
The area is managed by the Security Area Directors (ADs) Roman Danyliw and Paul Wouters.
The Security ADs are assisted by the SECDISPATCH WG, a Security Directorate (SECDIR), and Security Area Advisory Group (SAAG).
Not formally part of the Security area, but collaborative in scope, are the IRTF's Crypto Forum Research Group (CFRG) and Privacy Enhancements and Assessments Research Group (PEARG), and the IAB's Threat Model Program (model-t).
The research community has also helped verify the security properties of IETF protocols with formal analysis.
In addition to the IETF standard operating procedures on starting new work, the Security area uses the SECDISPATCH WG and the associated mailing list to raise awareness about, and discuss next steps on, new proposals via the dispatch process.
The SEC Area directors can also be contacted to discuss how to engage the IETF on new work.
New work currently being discussed includes:
The Security Area Directorate (SECDIR) provides support to the Security Area Directors. The members consist of the WG Chairs of the Security Area and selected individuals chosen for their technical knowledge in security and their willingness to work with other groups within the IETF. Typically, each Internet-Draft is automatically assigned a SECDIR review during IETF Last Call and in preparation for an IESG Telechat. Early reviews (while the document is still being developed in the working group) can also be requested via the datatracker. Each of these reviews follows the Security Director Review Process.
The SECDIR review queue and the mailing list are available.
In the limited cases where the cryptographic mechanisms of an IETF document require deeper analysis by a cryptographer, the Security Area relies on the IRTF CFRG Crypto Review Panel.
The SECDIR and SEC AD reviews of documents have produced the following list of Common SEC Area Review Issues that have been repeatedly identified. Authors and WGs should consider these issues when writing their documents.
If specific security expertise is needed in a WG, please contact the Security ADs, who may be able to find an advisor for the WG.
The Security Area Advisory Group (SAAG) is an open IETF forum to discuss security issues. It meets during IETF meetings.
SAAG is not a working group. As such, it does not adopt or publish documents.
The community is welcome to subscribe to the mailing list or review the archives.
Security Area leadership past and present is further described on the Security Area Directors page.