Internet Architecture Board Recommends The Use Of Encryption-by-Default for the Internet
The Internet Architecture Board (IAB), a committee of the Internet Engineering Task Force (IETF) that develops and promotes the standards that comprise the Internet protocol suite (TCP/IP), believes it is important for protocol designers, developers, and operators to make encryption the norm for Internet traffic.
IAB says encryption should be authenticated where possible, but even protocols providing confidentiality without authentication are useful in the face of pervasive surveillance.
The board recommends that encryption be deployed throughout the protocol stack, since there is no single place within the stack where all kinds of communication can be protected.
The IAB urges protocol designers to design for confidential operation by default.
"We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default. We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic," IAB said.
"We believe that each of these changes will help restore the trust users must have in the Internet."
IAB acknowledged that many network operations activities today, from traffic management and intrusion detection to spam prevention and policy enforcement, assume access to cleartext payload. IAB promised to work with those affected to foster development of new approaches for these activities and move to an Internet where traffic is confidential by default.
Commenting on IAB's recommendations, the organizational home for the Internet Engineering Task Force (IETF), said that it strongly supports their statement that encryption should be the norm for Internet traffic.
"The IAB's statement aligns with the Internet Engineering Task Force's (IETF) statement that pervasive monitoring, whatever the source, must be considered an attack on the Internet as well as current work across IETF working groups to strengthen protocols."