Session
Other - 60 Min
Format description: Tutorial – Auditorium
Looking to promote open standards to keep the Internet safe and secure? In this 60 minute tutorial, Brazil, Denmark, Australia, and the Netherlands will show you how. Central to their approach is the provision of a testing tool, that helps one to check whether a website, email, and Internet connection are up to date, e.g. comply with modern Internet standards such as IPv6, DNSSEC, HTTPS, STARTTLS, DANE, DMARC, DKIM, SPF, and RPKI. If not, the tool will help you to do something about it. Speakers from all four countries will share their experiences with implementing the testing tool and the impact this has made on standards adoption in their respective countries. The session will include a demo of the testing tool (Internet.nl). Internet.nl is an initiative of the Dutch Internet Standards Platform. The software is licensed under an open-source license.
The speakers will all be online. Moderators will be present online as well as on-site to encourage interaction and participation, and harmonize feedback. The online moderator will keep the on-site moderator in sync such that the hybrid capabilities are fully maximized. We plan to use the testing tool Internet.nl to demonstrate how one can check whether a website, email, and Internet connection comply with modern Internet standards.
Alisa Heaver, Ministry of Economic Affairs and Climate Policy, Government
Rick van Rooijen, Ministry of the Interior and Kingdom Relations, Government
Daniel Nanghaka, ILICIT Africa, Civil society/Private sector
Gerben Klein Baltink, Dutch Internet Standards Platform (Internet.nl), Government/Private sector
Wout de Natris, Internet Standards, Security and Safety Coalition (IS3C), Private sector
Bart Hogeveen, Australian Strategic Policy Institute (ASPI), Government
Flavio Yanai, NIC.br, Technical community
Johnny Nordquist, DK Hostmaster, Technical community
Maarten Botterman, GFCE, Technical Community
Daniel Nanghaka, ILICIT Africa, Civil society/Private sector
Gerben Klein Baltink, Dutch Internet Standards Platform (Internet.nl), Government/Private sector
Wout de Natris, Internet Standards, Security and Safety Coalition (IS3C), Private sector
9.1
9.a
9.c
16.10
17.16
17.17
17.6
17.8
17.9
Targets: We will share our knowledge and experiences with public-private partnerships and international cooperation to promote modern Internet standards such as IPv6, DNSSEC, HTTPS, STARTTLS, DANE, DMARC, DKIM, SPF, and RPKI. Compliance with these standards will bring everyone a little closer to an open (accessible, inclusive), free (freedom of expression, freedom of association) and secure (private, secure) Internet.
Report
Report Internet.nl workshop
30 November 2022, Caucus room 11
This Open Forum focused on the need of modern Internet standards to be adopted in a faster and more scalable way in order to make the Internet and its users more secure and safer. It took the form of a tutorial, in which the focus lies on a testing tool, that helps one to check whether a website, email, and Internet connection are up to date, i.e. comply with modern Internet standards such as IPv6, DNSSEC, HTTPS, STARTTLS, DANE, DMARC, DKIM, SPF, and RPKI.
The Dutch Ministry of Economic Affairs and Climate explained the origin of the Internet.nl tool it created in 2015. It is a multistakeholder initiative intended to create awareness on Internet standards deployment and safety. Any organization can check its own domain name whether security measures, i.e. deployment of Internet standards, are in place or not. You can check the level of security of your domain name here: www.internet.nl. Within seconds the level of security is shown to you, including advice on next steps.
The software behind Internet.nl is open source and can be used by other organisations willing to run a local version in their respective countries. You can find the information on Github. Three other countries have adopted the tool: Australia, Brazil and Denmark. The former two presented on their experiences in adopting the process into their local environment.
What stood out from the three presentations is that local customs and perceptions on standards determine the way the tool can be used and presented. These differences did, however, not stand in the way of building a local version of the tool and launching it.
In the first presentation, Gerben Klein Baltink of Platform Internetstandaarden (Dutch Internet Standards Platform) stressed the importance of Internet.nl being a Public Private Initiative. All participants cooperate without commercial intent, joined by the intention to create a more secure Internet that is open, transparent and safe. He showed how the tool works to the audience and points to its hall of fame. All organisations showing a 100% score can apply for “membership”. (The local IGF connection scored 10%.)
Bart Hogeveen of the Australian Strategic Policy Institute (ASPI), presented .auCheck. It is technically a full copy of Internet.nl, the organization behind it is not. It proved harder to create a PPI. The current result was four years in the making. Research had shown that Australia is not in a position where the need for the deployment of Internet standards is broadly understood and accepted. There’s a lot of education and awareness raising to be done. The tool was only launched quite recently, so it’s hard to show any effects at this point in time. The tested outcomes however, show the need for more awareness. Deployment percentages on average are (too) low.
Gilberto Zorello of NIC.BR presented on TOP, Teste os Padroões (Test The Standards). The programme was launched in December 2021. TOP is a collaboration between the NIC.BR environment and experts. Tests show that average scores are below 25% for those who have tested for all standards. TOP is promoted in technical events in government and academia and it works closely with ISP associations. Although it is still rather early to truly measure effects, TOP already sees organisations coming back with better scores.
Maarten Botterman presented on behalf the Global Forum of Cyber Expertise on its Triple-I initiative (Internet Infrastructure Initiative) “This GFCE initiative is meant to “facilitate” awareness raising and capacity building events in different regions of the world in order to “enhance justified trust” in the using of Internet and/or email in those regions. Local and regional actors are stimulated and supported in setting up and running local/regional events between regional stakeholders, bringing in local expertise.“ If you need help, reach out to the GFCE. It has all the toolkits and information you need. (See: https://thegfce.org/ for more information.)
Moderator Daniel Nanghaka adds that this initiative started in 2017 by way of a campaign, after which some CERTs started to work together. In 2023 the trusted Africa Internet Initiative will start. It is expected that through cooperation with the GFCE all regions will be reached.
Gerben Klein Baltink points to the fact that in The Netherlands results are measurable. There is a clear uptake in the past eight years, where naming and faming has an effect. Around the world it is far too limited as the situation now stands. The world has to step up to make itself more secure and safer. He makes a call for action: “Modern Internet standards are essential for an open, secure and resilient Internet that enables social progress and economic growth. These standards are readily available, but their use needs to rise significantly to be fully effective. The UN is called upon to help accelerate the global uptake of key standards, by including their promotion in the Global Digital Compact, and supporting advocacy and capacity building, as well as initiatives to test and monitor deployment, especially where many people aren’t connected yet.”
From the room Mark Carvell pointed to the work undertaken by the IGF Dynamic Coalition on Internet Standards, Security and Safety (IS3C) that is working on recommendations and toolkits on the goal of faster and massive deployment of security-related Internet standards and ICT best practices.