Implementing Internet standards and protocols for a safer internet

IGF Pilot project deployment of internet standards

In the past two years proposals have been formulated how to improve the IGF. One of the proposals was to run a pilot project that addresses a complex internet issue with the intention to accelerate the existing process through active reach out and to instigate cross-sectoral work on the formulation of potential recommendations, solutions and future actions. The MAG agreed to have such a pilot project on one condition: it needs to be self-funded.

The pilot project aims to improve internet safety for all end users by advancing implementation of agreed, security-relevant Internet standards, by bringing together key stakeholders to recommend joint ways forward to ensure swift implementation. As examples six standards have been selected by involved experts: DNSSEC, RPKI, BCP 38, OWASP top 10, ISO 27001 and the framework of the Secure Software Foundation. This selection allows to address different organisations from a wide section across the internet community, as they do not address one single community; not in the origination of the standards, nor in the type of organisation they address in deploying.

Would you like to be kept up to date on this project? You can join the mailing list over here.

The main project goals are:

Reaching out to stakeholders that have not been actively involved to date (e.g. policy makers, parliamentarians, consumer organisations) and connect them with the technical community and industry;
Learn what the key causes for slow or fast implementation are;
To formulate recommendations and future actions to ensure a swift implementation of said internet standards;
To facilitate cooperation between the new stakeholders, industry and the technical community to ensure swifter future implementation of standards and protocols.

Project Details

This project will bring the issue of slow implementation of said standards and protocols to a new group of key stakeholders: policy makers, parliamentarians and consumer organisations. These groups have a direct interest in making the Internet safer but often lack the technical know-how to advance implementation. In addition, they are often not familiar with the multistakeholder system that underpins the internet and do not know how to navigate or impact the system.
The aim of including these stakeholders are two-fold:

To inform these groups of the risks of slow implementation and the effects it can have on the people on whose behalf they work;
To present existing solutions to them.

In addition, we will engage with industry to ascertain what the main causes of slow implementation are.

Bringing these actors into contact with the technical community creates a new dynamic in which politics, interest organisations and industry will not only realise the urgency of the current situation but also learn of existing solutions and create new ones. This collaboration could lead to mutually beneficial solutions that ensure a swifter implementation, and therefore, a safer internet for all involved.

As this is a pilot, a limited number of reach-out workshops are planned at the German, Dutch, Polish, European Parliaments and the Inter-Parliamentary Union. Also a workshop at BEUC, the European organisation of consumer organisations, is foreseen.

On these pages the final report will be drafted. Should you wish to cooperate you can register here and join the mailing list.

The project is self-funded. Should you wish to contribute financially or in kind, you can make yourself known to the project team via [email protected]

Workshop Hosted at the IGF 2019 in Berlin (Final Workshop Report)
Final Project's 2019 Report: Outcomes of the IGF pilot on the implementation (deployment) of Internet standards

Wout de Natris, De Natris Consult
Marten Porte, Porte Consultancy

Repository Initiatives Internet standards

Initiative	Manufacturer	Aims	URL
internet.nl	Dutch Internet Standards Platform	Jointly increase the use of modern Internet standards to make the Internet more accessible, safer and more reliable for everyone	https://internet.nl
Deploy 360	Internet Society	Bridge the gap between the IETF standards process and final adoption of those standards by the global operations community	https://www.internetsociety.org/deploy360/
Ready to ROA	APNIC	Get more APNIC-members to deploy RPKI	https://blog.apnic.net/2015/01/16/get-ready-to-roa/
RPKI Handout	AFRINIC	Provide AFRINIC members with information about RPKI	https://afrinic.net/handout-rpki
Workshop ‘Master the Routing Registry & RPKI’	AFRINIC	Provide AFRINIC members with the technical knowledge to implement RPKI	https://learn.afrinic.net/irrpki
RPKI (FAQ)	LACNIC	Provide LACNIC members with answers to their questions about RPKI	https://www.lacnic.net/1150/1/lacnic/rpki-faq
DNSSEC (FAQ)	LACNIC	Provide LACNIC members with answers to their questions about DNSSEC	https://www.lacnic.net/1145/2/lacnic/dnssec
FORT Project: Routing Security for a Free and Open Internet	LACNIC	Increase the routing system’s security and resilience by promoting RPKI resource certification through the implementation of a validator developed jointly by LACNIC and NIC Mexico	https://www.lacnic.net/3605/2/lacnic/fort-project:-routing-security-for-a-free-and-open-internet
Registrar Scorecard (RSC)	SIDN	Increase the adoption of internet standards through financial incentives	https://www.sidn.nl/nieuws-en-blogs/registrar-scorecard-een-programma-gericht-op-kwaliteit
Tutorial - How to Certify Your ARIN Resources with RPKI	ARIN	Show ARIN members how to use RPKI	https://youtu.be/IO5T30Ly8po
Open Standards Everywhere project	Internet Society	See an increase in security and availability of web servers across the Internet through the usage of TLS, DNSSEC, IPv6, and HTTP/2	https://www.internetsociety.org/blog/2020/01/introducing-our-open-standards-everywhere-project-securing-web-servers-in-2020/
Good practices guide for deploying DNSSEC	ENISA	Spread good practices on DNSSEC	https://www.enisa.europa.eu/publications/gpgdnssec/at_download/fullReport
OWASP top 10 Security check	Consumentenbond (Dutch Consumer Organisation)	Check webshop security on the basis of OWASP top 10	https://www.consumentenbond.nl/online-kopen/veiligheidslekken-bij-webwinkels
Range of OWASP projects	OWASP	Promote different aspects of OWASP	https://owasp.org/projects/
SME Guide on Information Security Management	European Digital SME Alliance	Help SMEs better understand ISO/IEC 27001 and assist them in its concrete implementation	https://www.digitalsme.eu/new-sbs-guide-information-security-management-standard-iso27001-made-easy-smes/
ISO 27001 certification in 10 easy steps	IT Governance Asia	Assist in obtaining ISO 27001 certification	https://www.itgovernance.asia/blog/iso-27001-certification-in-10-easy-steps

Please send contributions to the repository to: [email protected]