Editing Internet Architecture Board (section)

==RFC 8980 - Workshop on Design Expectations vs. Deployment Reality in Protocol Development ==
The RFC 8980 workshop was held in February 2021, where the IAB discussed several topics around security protocols, including:<ref>{{Cite web |title=rfc8980 |url=https://www.rfc-editor.org/rfc/rfc8980.pdf |website=www.rfc-editor.org}}</ref>

*Email standards, which presumed many providers running in a largely uncoordinated fashion but have seen both significant market consolidation and a need for coordination to defend against spam and other attacks. The coordination and centralized defense mechanisms scale better for large entities; these have fueled additional consolidation.
*The Domain Name System (DNS), which presumed deep hierarchies but has often been deployed in large, flat zones, leading to the nameservers for those zones becoming critical infrastructure. Future developments in DNS may see concentration through the use of globally available common resolver services, which evolve rapidly and can offer better security. Paradoxically, the concentration of these queries into a few services creates new security and privacy concerns.
*The Web, which is built on a fundamentally decentralized design but is now often delivered with the aid of Content Delivery Networks (CDNs). Their services provide scaling, distribution, and prevention of denial of service in ways that new entrants and smaller systems operators would find difficult to replicate. While truly small services and truly large services may each operate using only their own infrastructure, many others are left with the only practical choice being the use of a globally available commercial service.

The workshop resulted in the following recommendations by the IAB:
* Develop and document a modern threat model.
* Continue discussion of consolidation/centralization issues.
* Document architectural principles, e.g., (re)application of the end-to-end principle.