The IETF Security Area

Security (SEC) is one of the areas of work at the IETF and is focused on security protocols. The Security Area is also concerned with the appropriate application of security mechanisms in protocols developed by working groups in other Areas of the IETF.

The area is managed by the Security Area Directors Benjamin Kaduk and Roman Danyliw. It is chartered in a number of working groups listed below.

Specification authors will want to be familiar with Typical SEC Area Issues that often need to be addressed in Internet-Drafts.

The Security Area Directors are assisted by a Security Directorate and Security Area Advisory Group (SAAG). In some cases, the Security Area provides a Security Advisor to other working groups.

Security Directorate

The Security Area Directorate provides support to the Security Area Directors. The group consists of the Working Group Chairs of the Security Area and selected individuals chosen for their technical knowledge in security and their willingness to work with other groups within the IETF to help provide security throughout IETF protocols. A roster of the current directorate members is here.

The security directorate is currently reviewing all IETF documents that pass through the IESG as a way to help the Security Area Directors improve their efficiency per the Security Director Review Process.

The directorate can be contacted by sending e-mail to secdir@…. Subscription is normally limited to Security Area WG chairs and individuals who help with document reviews, but the list archives are available.

Security Areas Advisory Group (SAAG)

The Security Area Directors are also supported by the Security Area Advisory Group (SAAG). The SAAG acts as an open forum for security issues. It meets during IETF meetings.

Anyone can subscribe to the SAAG mailing list or review the archives.

Active Working Groups

(ACE) Authentication and Authorization for Constrained Environments

(ACME) Automated Certificate Management Environment

(COSE CBOR Object Signing and Encryption

(CURDLE) CURves, Deprecating and a Little more Encryption

(DOTS) DDoS Open Threat Signaling

(EMU) EAP Method Update

(I2NSF) Interface to Network Security Functions

(IPSECME) IP Security Maintenance and Extensions

(KITTEN) Common Authentication Technology Next Generation

(LAMPS) Limited Additional Mechanisms for PKIX and SMIME

(MILE) Managed Incident Lightweight Exchange

(MLS) Messaging Layer Security

(OAUTH) Web Authorization Protocol

(RATS) Remote ATtestation ProcedureS

(SACM) Security Automation and Continuous Monitoring

(SECDISPATCH) Security Dispatch

(SECEVENTS) Security Events

(SUIT) Software Updates for Internet of Things

(TEEP) Trusted Execution Environment Provisioning

(TLS) Transport Layer Security

(TOKBIND) Token Binding

(TRANS) Public Notary Transparency

Significant Security Work in other Areas


(DPRIVE) DNS PRIVate Exchange


(SIDR) Secure Inter-Domain Routing

(TCPINC) TCP Increased Security

(UTA) Using TLS in Applications


Security Area leadership past and present is further described on the Security Area Directors page.

Last modified 19 months ago Last modified on 15/10/19 07:54:17