[Newsclips] IETF SYN-ACK Newspack 2021-07-05

[David Goldstein <david@goldsteinreport.com>]

Hi IETF Participants,

 

Following some feedback last week about an article I included from a secondary source, and some discussions with Greg in the IETF office, we’ve included a new section from this week on.

 

The new section, “News From IETF Participants”, is intended for any IETF participants that have published relevant articles, or even have news stories about them, to forward these to me and I’ll include them in the next Newspack to share with the rest of the IETF participants on this list.

 

And the usual reminder, The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

Thanks for your interest,

David

 

**********************

IETF IN THE NEWS

**********************

Day 3 of Advocacy International: Getting comfortable with protocols

Day 3 of the "Advocacy International: Advancing our digital rights agenda for Asia" workshop was one of contrasts, with the first two sessions covering advocacy spaces like the Internet Governance Forum (IGF) and technical spaces like the Internet Corporation for Assigned Names and Numbers (ICANN) and International Telecommunication Union (ITU) from the perspective of how they function, and the last session speaking to the experience of civil society as they engage in them. ... Following this, the second session of the day, “Telecom and internet infrastructure advocacy”, was facilitated by Avri Doria, an individual member of APC and an ICANN Board member. This session covered technical spaces that govern internet policy, such as the IETF, ICANN and the ITU, which are not often navigated by civil society and where there is sometimes limited consideration for human rights. There is a need to bridge this gap, but lack of technical knowledge among civil society can be a barrier. However, this need not always be the case and some knowledge can go a long way. As Avri elaborated, for instance, it is not necessary that we know how to create a piece of code or internet infrastructure, but being able to read and understand it may be enough to know how it can be bettered. She also stressed the importance of building relationships with members of the technical community and finding commonalities as a critical avenue for advocacy. An important point of discussion in this session was on the neutrality of technology – the majority of participants agreed that tech is not neutral, but rather, it is coded with the biases of its creators. This is also why it is so critical for civil society to be present and advocate in technical spaces, as a way to challenge these biases.

< <https://www.apc.org/en/news/day-3-advocacy-international-getting-comfortable-protocols> https://www.apc.org/en/news/day-3-advocacy-international-getting-comfortable-protocols>

 

The evolution of cryptography in mobile networks and how to secure them in the future

Mobile network security has come a long way in the decades since cryptography was first introduced into the GSM standard. We take an in-depth look back over the algorithms and protocols that brought us this far – and see how well prepared we are for the quantum challenges of the future. ... While mobile networks use some algorithms and security protocols specific to 3GPP, most of the security protocols used in 5G such as TLS, DTLS, IKEv2, ESP, SRTP, X.509, and JOSE are standardized or maintained by the IETF. 3GPP has, for many years, had the excellent tradition of updating their security profiles in almost every release following recommendations from academia, IETF and other organizations. A large part of this work has been driven by Ericsson.

< <https://www.ericsson.com/en/blog/2021/6/evolution-of-cryptographic-algorithms> https://www.ericsson.com/en/blog/2021/6/evolution-of-cryptographic-algorithms>

 

Windows 11 includes the DNS-over-HTTPS privacy feature - How to use

... In the future, Microsoft hopes to learn about new DoH server configurations from a DNS server using Discovery of Designated Resolvers (DDR) and Discovery of Network-designated Resolvers (DNR), which they have proposed to IETF ADD WG.

< <https://www.bleepingcomputer.com/news/microsoft/windows-11-includes-the-dns-over-https-privacy-feature-how-to-use/> https://www.bleepingcomputer.com/news/microsoft/windows-11-includes-the-dns-over-https-privacy-feature-how-to-use/>

 

What is IPSec? A closer look at the internet's security protocol suite

IPsec, an extension of the widely adopted internet protocol (IP), encrypts network communications, protecting data against ‌theft‌ ‌and‌ ‌infiltration. Yet, history gives us a better understanding of IPsec. ... To end growing security concerns and prevent data sniffing across IP networks, the IETF proposed IP security (IPsec) in 1995. The protocol has remained in use ever since.

< <https://www.itpro.co.uk/network-internet/internet-protocol-version-6-ipv6/360066/what-is-ipsec> https://www.itpro.co.uk/network-internet/internet-protocol-version-6-ipv6/360066/what-is-ipsec>

 

Hashtag Trending, June 28, 2021 – Europe’s return-to-office lessons; Robocalls on the clock; Chinese fighter pilots VS AI

... There’s a big deadline coming up in the U.S. On June 30, every major voice provider in the US, including phone companies AT&T, Verizon and T-Mobile and cable provider Comcast, will have to implement a technology called Stir/Shaken. STIR: Secure Telephony Identity Revisited, the standard developed by the IETF that defines signature-based call authentication.

< <https://www.itbusiness.ca/news/hashtag-trending-june-28-2021-europes-return-to-office-lessons-robocalls-on-the-clock-chinese-fighter-pilots-vs-ai/118635> https://www.itbusiness.ca/news/hashtag-trending-june-28-2021-europes-return-to-office-lessons-robocalls-on-the-clock-chinese-fighter-pilots-vs-ai/118635>

 

Who Owns the Internet?

Over the last two and a half decades, the internet has evolved and expanded into something barely recognizable from its humble beginnings. Trying to understand what the internet is and how it works can be incredibly confusing. ... There is also the Internet Assigned Numbers Association (IANA), the IETF, Internet Architecture Board (IAB), Internet Research Task Force (IRTF), and the IEEE Standards Association. Each of these organizations plays a role in regulating the internet in the form of developing standards, directly overseeing crucial roles, or maintaining databases that are central to the internet's continued operation.

< <https://www.makeuseof.com/who-owns-the-internet/> https://www.makeuseof.com/who-owns-the-internet/>

 

Review: 6 top videoconferencing services put to the test

... Meet does not offer end-to-end encryption, but Google says that it adheres to IETF security standards for Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP) and that Meet recordings stored in Google Drive are encrypted at rest with “at least AES 128.” (Google has provided a blog post with information about Meet security.) Google Workspace offers the usual array of management features including an admin portal and analytics reports.

< <https://floridanewstimes.com/review-6-top-videoconferencing-services-put-to-the-test/294876/> https://floridanewstimes.com/review-6-top-videoconferencing-services-put-to-the-test/294876/>

 

De ‘estudiantes’ a ‘amo y esclavos’: el complejo debate por un lenguaje más inclusivo en la informática [From 'students' to 'master and slaves': the complex debate for a more inclusive language in computing]

... Con el debate en marcha, se irán tomando decisiones. El Grupo de Trabajo de Ingeniería de Internet (IETF, en sus siglas en inglés), que es un organismo no vinculante de voluntarios que normaliza estándares, y que no vota sino acepta las decisiones por consenso en reuniones donde los murmullos pueden significar estar en contra, no ha concluido de momento nada.

< <https://elpais.com/tecnologia/2021-07-02/de-estudiantes-a-amo-y-esclavos-el-complejo-debate-por-un-lenguaje-mas-inclusivo-en-la-informatica.html> https://elpais.com/tecnologia/2021-07-02/de-estudiantes-a-amo-y-esclavos-el-complejo-debate-por-un-lenguaje-mas-inclusivo-en-la-informatica.html>

 

NFT z kodem źródłowym World Wide Web sprzedany za 5,4 miliona dolarów [NFT with World Wide Web source code sold for $5.4 million]

... Jak, mam nadzieję, wielu z Was wie, nazwa World Wide Web, czyli WWW, nie jest synonimem wyrażenia Internet. Według Wikipedii World Wide Web to hipertekstowy, multimedialny, internetowy system informacyjny oparty na publicznie dostępnych, otwartych standardach IETF i W3C, czyli po prostu usługa sieciowa tego samego rodzaju, co chociażby poczta elektroniczna. Internet z kolei definiowany jest jako ogólnoświatowy system połączeń między komputerami, określany również jako sieć sieci.

< <https://www.instalki.pl/aktualnosci/internet/48595-www-nft-kod-world-wide-web.html> https://www.instalki.pl/aktualnosci/internet/48595-www-nft-kod-world-wide-web.html>

 

Ai đang sở hữu mạng Internet toàn cầu? [Who owns the global Internet?]

... Ngoài ra còn có nhiều tổ chức khác như Internet Assigned Numbers Association (IANA), IETF, Internet Architecture Board (IAB), Internet Research Task Force (IRTF) và IEEE Standards Association. Mỗi tổ chức đều có một vai trò riêng trong việc điều tiết sự phát triển của internet theo các tiêu chuẩn, trực tiếp giám sát các cở sở hạ tầng quan trọng, hoặc bảo trì cơ sở dữ liệu trung tâm nhằm đảm bảo internet hoạt động liên tục.

< <https://vnreview.vn/tin-tuc-xa-hoi-so/-/view_content/content/3480982/ai-dang-so-huu-internet-mang-toan-cau> https://vnreview.vn/tin-tuc-xa-hoi-so/-/view_content/content/3480982/ai-dang-so-huu-internet-mang-toan-cau>

< <https://cafef.vn/ai-dang-so-huu-mang-internet-toan-cau-20210704122658912.chn> https://cafef.vn/ai-dang-so-huu-mang-internet-toan-cau-20210704122658912.chn>

 

中央网信办：组织开展 IPv6 部署和应用试点 [Central Cyberspace Administration: Organizing and launching IPv6 deployment and application pilots]

... IT之家了解到，IPv6 是“Internet Protocol Version 6”（互联网协议第 6 版）的缩写，是互联网工程任务组（IETF）设计的用于替代 IPv4 的下一代 IP 协议。

< <https://www.sohu.com/a/474890987_114760> https://www.sohu.com/a/474890987_114760>

 

**********************

NEWS FROM IETF PARTICIPANTS

**********************

HTTP/3 and QUIC: Past, Present, and Future by Mike Bishop [NB: this was included in last week's news from Security Boulevard however I've included the original source this week: DG]

You may have seen the announcements over the past two weeks -- the IETF QUIC RFCs have been published! That leads to a lot of questions, depending on how closely you've followed this space. You might be wondering what this means to you, or you might think QUIC has been an established thing for years now. And how does HTTP/3 fit into this? Is HTTP/3 another name for QUIC?

< <https://blogs.akamai.com/2021/06/http3-and-quic-past-present-and-future.html> https://blogs.akamai.com/2021/06/http3-and-quic-past-present-and-future.html>

 

**********************

SECURITY & PRIVACY

**********************

The European Cybersecurity Competence Centre and Network is now ready to take off

The regulation establishing a new Cybersecurity Competence Centre and a Network of National Coordination Centres has entered into force this week. The Cybersecurity Competence Centre, which will be located in Bucharest, will contribute to strengthening European cybersecurity capacities and to boosting research excellence and the competitiveness of the Union's industry in the cybersecurity field.

< <https://digital-strategy.ec.europa.eu/en/news/european-cybersecurity-competence-centre-and-network-now-ready-take> https://digital-strategy.ec.europa.eu/en/news/european-cybersecurity-competence-centre-and-network-now-ready-take>

 

Using TLS to Avoid Detection is On the Rise

Leave it to industrious cybercriminals to find new ways to exploit old tools. The latest nefarious strategy is using TLS (Transport Layer Security) to avoid detection.

< <https://www.csoonline.com/article/3623630/using-tls-to-avoid-detection-is-on-the-rise.html> https://www.csoonline.com/article/3623630/using-tls-to-avoid-detection-is-on-the-rise.html>

 

eu: Phishing most common Cyber Incident faced by SMEs

Small and medium-sized enterprises (SMEs) are considered to be the backbone of Europe's economy. 25 millions of SMEs are active today in the European Union and employ more than 100 million workers. The report Cybersecurity for SMEs ENISA issues today provides advice for SMEs to successfully cope with cybersecurity challenges, particularly those resulting from the COVID-19 pandemic.

< <https://www.enisa.europa.eu/news/enisa-news/phishing-most-common-cyber-incidents-faced-by-smes> https://www.enisa.europa.eu/news/enisa-news/phishing-most-common-cyber-incidents-faced-by-smes>

 

Countries ramp up cybersecurity strategies

​​​​​The latest Global Cybersecurity Index (GCI) from the International Telecommunication Union (ITU) shows a growing commitment around the world to tackle and reduce cybersecurity threats.

< <https://www.itu.int/en/mediacentre/Pages/pr06-2021-global-cybersecurity-index-fourth-edition.aspx> https://www.itu.int/en/mediacentre/Pages/pr06-2021-global-cybersecurity-index-fourth-edition.aspx>

 

The European Cybersecurity Competence Centre and Network is now ready to take off

The regulation establishing a new Cybersecurity Competence Centre and a Network of National Coordination Centres has entered into force this week. The Cybersecurity Competence Centre, which will be located in Bucharest, will contribute to strengthening European cybersecurity capacities and to boosting research excellence and the competitiveness of the Union's industry in the cybersecurity field.

< <https://digital-strategy.ec.europa.eu/en/news/european-cybersecurity-competence-centre-and-network-now-ready-take> https://digital-strategy.ec.europa.eu/en/news/european-cybersecurity-competence-centre-and-network-now-ready-take>

 

**********************

INTERNET OF THINGS

**********************

How Internet of Things is Facilitating Smart Asset Tracking

Asset tracking has been vital in the supply chain and manufacturing industries for decades. This not only allows us to monitor resources but also helps in improving overall efficiency. With recent technology, the Internet of Things (IoT) made it very easy for asset tracking. IoT has made communications regarding the positions of the assets and related information about them. Here are three advantages of IoT on asset tracking in manufacturing and supply chains.

< <https://www.analyticsinsight.net/how-internet-of-things-is-facilitating-smart-asset-tracking/> https://www.analyticsinsight.net/how-internet-of-things-is-facilitating-smart-asset-tracking/>

 

Right at your fingertips: researcher creating digital touch

Engineer and Internet of Things expert, Dr Zhanwei Hou is developing an ultra-fast communication method to facilitate Tactile Internet, a technology which he hopes will one day allow users to experience touch over the internet.

< <https://www.sydney.edu.au/news-opinion/news/2021/07/05/right-at-your-fingertips--researcher-creating-digital-touch-.html> https://www.sydney.edu.au/news-opinion/news/2021/07/05/right-at-your-fingertips--researcher-creating-digital-touch-.html>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

The Deeper Root Cause of the Fastly and Akamai Outages by Alban Kwan, East Asia Regional Director at CSC

... Step 1: Harness the benefits of internet concentration: While we discussed a lot of the issues with internet concentration, it's important to stress that internet concentration also brings a lot of positives. For example, the concentration of CDN providers creates economies of scale for content delivery and also significantly reduces the data transit costs. The concentration of DNS providers allows the largest one to have enough scale to sustain Terabit-level DDoS attacks. The prominence of Google also helps the testing and development of critical new protocols such as QUIC. 

< <https://www.cscdbs.com/blog/fastly-and-akamai-outages/> https://www.cscdbs.com/blog/fastly-and-akamai-outages/>

< <https://www.circleid.com/posts/20210628-the-deeper-root-cause-of-the-fastly-and-akamai-outages/> https://www.circleid.com/posts/20210628-the-deeper-root-cause-of-the-fastly-and-akamai-outages/>

 

Internet: QUIC-Standardisierung durch die IETF [Internet: QUIC standardisation by the IETF]

Als TCP-Nachfolger wird Googles Transportprotokoll QUIC von einigen bereits gehandelt: Die geringe Latenz und die integrierte Verschlüsselung sprechen für sich.

< <https://www.heise.de/hintergrund/Internet-QUIC-Standardisierung-durch-die-Internet-Engineering-Task-Force-6120835.html> https://www.heise.de/hintergrund/Internet-QUIC-Standardisierung-durch-die-Internet-Engineering-Task-Force-6120835.html>

 

Pop!_OS 21.04 („Cosmic“): Ubuntu-Derivat mit eigenem Desktop auf Gnome-Basis [Pop!_OS 21.04 ("Cosmic"): Ubuntu derivative with its own Gnome-based desktop]

... Neben der bereits obligatorischen Produktpflege mit zahlreichen aktualisierten Softwarepaketen wie unter anderem der freien Office-Suite LibreOffice 7.1.3, die jetzt eine noch bessere Kompatibilität mit Microsoft Office bietet, und dem Browser Mozilla Firefox 89.0.2 mit Support für QUIC und HTTP/3, übernimmt Pop!_OS 21.04 („Cosmic“) auch die vom neuesten Ubuntu bekannten Verbesserungen hinsichtlich des Open-Source-Toolkits Flutter und des freien Display-Server-Protokolls Wayland.

< <https://www.computerbase.de/2021-06/pop-os-21.04-cosmic-ubuntu-derivat-mit-eigenem-desktop-auf-gnome-basis/> https://www.computerbase.de/2021-06/pop-os-21.04-cosmic-ubuntu-derivat-mit-eigenem-desktop-auf-gnome-basis/>

 

Google Cloud velocizza le applicazioni Internet con il protocollo HTTP/3 [Google Cloud speeds up Internet applications with HTTP/3 protocol]

... HTTP/3 è un protocollo Internet di prossima generazione ed è costruito su QUIC, un protocollo sviluppato da Google e sottoposto all’IETF, l’organizzazione internazionale che sviluppa e promuove gli standard Internet.

< <https://www.01net.it/google-cloud-velocizza-le-applicazioni-internet-con-il-protocollo-http-3/> https://www.01net.it/google-cloud-velocizza-le-applicazioni-internet-con-il-protocollo-http-3/>

 

Qué son los ataques SSL Stripping y cómo evitarlos [What are SSL Stripping attacks and how to prevent them]

... Respecto a los puertos, mientras que el protocolo HTTP utiliza el protocolo TCP en la capa de transporte y el puerto 80, el protocolo HTTPS utiliza el puerto TCP 443. En los últimos meses se ha estandarizado el protocolo QUIC para las conexiones web, un protocolo para HTTPS cuando se usa HTTP/2 y/o HTTP/3 y que utiliza el protocolo UDP para realizar las conexiones punto a punto, este protocolo QUIC ya incorpora por sí mismo criptografía segura con los últimos algoritmos criptográficos seguros como Chacha20-Poly1305 o AES-GCM.

< <https://www.redeszone.net/tutoriales/seguridad/que-son-ataques-ssl-stripping-evitarlos/> https://www.redeszone.net/tutoriales/seguridad/que-son-ataques-ssl-stripping-evitarlos/>

 

最近通信が不安定になっていませんか？QUICはNAT溢れにご注意を [Has communication become unstable recently? QUIC should be careful about NAT overflow]

IETFはQUICを標準として承認したと発表しました。また、仕様をまとめたRFC9000が発表されています。これにより、WEB表示の高速化が期待されます。しかし、WEBブラウザでQUICを有効にし、QUIC対応のWEBサービス(Googleなど)へアクセスした際に通信が不安定になるといったトラブルもWEB上で散見されるようになりました。

< <https://japan.cnet.com/release/30559943/> https://japan.cnet.com/release/30559943/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Estonian president: Our connected world needs a trusted architecture

A delivery robot stops at a crosswalk. Cars begin to approach. Does the robot have the right of way, like a pedestrian? In Estonia, the car gets preference—but some human drivers wait, unaware of the rule, causing delays. And what happens when an adversarial nation owns the technology behind those robots and uses them nefariously?

< <https://www.atlanticcouncil.org/blogs/new-atlanticist/estonian-president-our-connected-world-needs-a-trusted-architecture/> https://www.atlanticcouncil.org/blogs/new-atlanticist/estonian-president-our-connected-world-needs-a-trusted-architecture/>

 

CDNs and Centrality by Geoff Huston

On the afternoon June 17 of this year there was a widespread outage of online services. In Australia it impacted three of the country’s largest banks, the national postal service, the country’s reserve bank, and one airline operator. Further afield from Australia the outage impacted the Hong Kong Stock Exchange, and some US airlines. The roll call of impacted services appeared to reach some 500 services.

< <https://www.potaroo.net/ispcol/2021-07/cdn.html> https://www.potaroo.net/ispcol/2021-07/cdn.html>

 

Message to the Mobile World Congress: Encouraging 5G investments for all

Many people see mobile phone communication as a natural tool and a part of our normal life. But I would like to point out the fact that all this has become possible thanks to the marvelous development of information and communication technologies (ICTs) over the last two decades.

< <https://www.itu.int/en/myitu/News/2021/06/28/13/33/Mobile-World-Congress-2021-new-mindset-5G-investment> https://www.itu.int/en/myitu/News/2021/06/28/13/33/Mobile-World-Congress-2021-new-mindset-5G-investment>

 

The evolution of cryptography in mobile networks and how to secure them in the future

Mobile network security has come a long way in the decades since cryptography was first introduced into the GSM standard. We take an in-depth look back over the algorithms and protocols that brought us this far – and see how well prepared we are for the quantum challenges of the future.

< <https://www.ericsson.com/en/blog/2021/6/evolution-of-cryptographic-algorithms> https://www.ericsson.com/en/blog/2021/6/evolution-of-cryptographic-algorithms>

 

The Evolution of 5G in Current Releases of GPP Standards and Its Impact on Testing

Learn the latest testing advancements to overcome the challenges of 5G NR Releases 16 and 17

< <https://spectrum.ieee.org/webinar/the-evolution-of-5g-in-current-releases-of-gpp-standards-and-its-impact-on-testing> https://spectrum.ieee.org/webinar/the-evolution-of-5g-in-current-releases-of-gpp-standards-and-its-impact-on-testing>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home