[Newsclips] IETF SYN-ACK Newspack 2023-11-06

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Experience of women participating in the IETF

As someone who has participated in the IETF since 1992, I am used to being one of the few women in the room during technical meetings. However, as more women have engaged in technical communities over the last few decades, the IETF, along with some other communities I participate in, have not experienced the diversity in participation experienced in the technical industry sector in general.

< <https://blog.apnic.net/2023/10/30/experience-of-women-participating-in-the-ietf/> https://blog.apnic.net/2023/10/30/experience-of-women-participating-in-the-ietf/>

 

IAB Report to the Community for IETF 118

The IAB has uploaded its report for the IETF 118 meeting to the proceedings in the datatracker. In addition, I would like to highlight some recent/on-going activities:

< <https://www.iab.org/2023/11/03/iab-report-to-the-community-for-ietf-118/> https://www.iab.org/2023/11/03/iab-report-to-the-community-for-ietf-118/>

 

Deborah Brungard selected as new IETF liaison manager to ITU-T Study Group 15

The IAB is pleased to announce that Deborah Brungard has been selected as the new liaison manager to ITU-T Study Group 15.

< <https://www.iab.org/2023/10/31/deborah-brungard-selected-as-new-ietf-liaison-manager-to-itu-t-study-group-15/> https://www.iab.org/2023/10/31/deborah-brungard-selected-as-new-ietf-liaison-manager-to-itu-t-study-group-15/>

 

Next steps in preparing for post-quantum cryptography: Guidance to help organisations and CNI providers think about how to best prepare for the migration to post-quantum cryptography (PQC).

This guidance helps system and risk owners in commercial enterprises, public sector organisations and critical national infrastructure providers to think about how to best prepare for the migration to post-quantum cryptography. ... Since 2016, NIST has been running a process to standardise PQC algorithms, backed up by academic scrutiny from the international cryptography community. This process has been followed closely by standards-defining organisations including: the IETF, who have been working on updating their protocols to be resistant against a quantum computer; ETSI, who have been producing migration and deployment guidance

< <https://www.ncsc.gov.uk/whitepaper/next-steps-preparing-for-post-quantum-cryptography> https://www.ncsc.gov.uk/whitepaper/next-steps-preparing-for-post-quantum-cryptography>

 

Eurobites: Vodafone 'enriches' the error message

Vodafone has come up with a new service which, it says, will help users better understand those mysterious error messages that crop up when browsing the Internet and usually offer little clue about the actual nature of the problem. In a test, the operator was able to offer up two types of "enriched error messages," one via a dedicated blocking page that can be embedded in an actual browser and the other a standalone generic text which describes the problem in greater detail than a standard, bare-bones error message. Vodafone has presented its ideas to the wider web boffins' community via the IETF, which develops standards that are often adopted by users, operators and equipment vendors.

< <https://www.lightreading.com/finance/eurobites-vodafone-enriches-the-error-message> https://www.lightreading.com/finance/eurobites-vodafone-enriches-the-error-message>

 

Time to Act: Building the Technical and Institutional Foundations for AI Assurance

AI assurance requires agreement among governments that systems are behaving appropriately. Existing international standards institutions can help. ... ICANN is charged (originally the IANA under the auspices of the U.S. government) with managing the traffic of the internet via the management of the global domain name system via its stewardship of TLDs. Today, ICANN is a global platform for internet policy and coordination, emphasizing diversity and the multistakeholder model. ICANN’s multistakeholder approach involves consultation with governments, businesses, technical experts, and civil society organizations—and has recently become a venue for attempts by governments to grow their role via ICANN’s Governmental Advisory Committee that communicates the interests of governments and intergovernmental organizations. Like ICANN, the IETF was founded as a multistakeholder institution in 1986 to create technical standards through open, consensus-based processes. Past successes include the development of protocols like HTTP/1.1, IPv6, and TLS, each of which has had a significant impact on the internet's architecture and security.

< <https://www.lawfaremedia.org/article/time-to-act-building-the-technical-and-institutional-foundations-for-ai-assurance> https://www.lawfaremedia.org/article/time-to-act-building-the-technical-and-institutional-foundations-for-ai-assurance>

 

The IoT Cyber Seal Fog

... MITRE, as one of the U.S. national security community’s principal security research and standards organisations, and recognized by ITU-T for its standards, has for several decades engaged in the development of IoT specifications. The most significant IoT standards that definitively express IoT vulnerabilities and weaknesses were created by MITRE and some have been transposed into ITU-T standards. One of the most important new IoT security platforms relating to IoT Supply Chain Risk Management was recently presented at an ITU-T workshop in Korea—which identified 642 specific measurable risks that are potentially nested in an IoT supply chain that are potentially implementable using the IETF’s new SCITT standards.

< <https://circleid.com/posts/20231031-the-iot-cyber-seal-fog> https://circleid.com/posts/20231031-the-iot-cyber-seal-fog>

 

APNIC celebrates 30 years: IPv6 — the long road to ‘more than enough addresses’

>From roots in the early 1990s, competing protocol proposals to replace IPv4 converged on a design in 1994 and this was confirmed in 1995. So, within the first two years of ‘the APNIC experiment’, there was a definition of IPv6 as a protocol. But that was just the start of the work required by the community to realize the future of addressing. ... The IETF realized early on that IPv4 had a limited horizon of growth against world expectations. This was brought into sharp focus by the Address Lifetime Expectations (ALE) Working Group, which in 1994, projected IPv4 would run out between 2005 and 2011. This turned out to be remarkably perceptive, with the final /8 process in the Regional Internet Registry (RIR) community being enacted in 2011.

< <https://blog.apnic.net/2023/11/02/apnic-celebrates-30-years-ipv6-the-long-road-to-more-than-enough-addresses/> https://blog.apnic.net/2023/11/02/apnic-celebrates-30-years-ipv6-the-long-road-to-more-than-enough-addresses/>

 

Security Control Changes due to TLS Encrypted ClientHello by Kathleen M. Moriarty

How we defend our systems is about to shift in the coming weeks with a major change to the Transport Layer Protocol (TLS) taking place between the browser and a new device called the client-facing server, which is mostly positioned at content delivery networks (CDN). Encrypted ClientHello (ECH) has now been enabled in the Chrome browser, and it will soon be enabled in the Mozilla browser and at servers hosted by Cloudflare. It is possible other content delivery networks (CDN) will follow suit. Cloudflare supports about 70% of websites and will add support back for beta client sites in early 2024 after running into some issues with the initial testing in October 2023. ... ECH means that HTTPS sessions will no longer expose the domain name of the destination web server when ECH is enabled. The entire ClientHello is encrypted from the web browser to the CDN, thus limiting visibility by any middlebox systems to the name of the client-facing server hosted by the CDN in the “ClientHelloOuter” as the destination and the browser as the other endpoint. The ”ClientHelloInner” with the true destination will remain encrypted and only visible to the browser and CDN. There are some great resources that discuss the privacy reasons behind these changes in the IETF standard TLS.

< <https://www.cisecurity.org/insights/blog/security-control-changes-due-to-tls-encrypted-clienthello> https://www.cisecurity.org/insights/blog/security-control-changes-due-to-tls-encrypted-clienthello>

 

Leon Wang from Huawei: Net5.5G-oriented Products Will Be Launched in 2024, Inspiring New Business Growth of Carriers

... In terms of standards, Huawei has joined WBBA's network technology working group and is carrying out Net5.5G research. It is also participating in Net5.5G-relevant technical standardization work being conducted by IEEE and IETF. This work covers key areas such as Wi-Fi 7, 800GE, SRv6, and Network Digital Map.

< <https://www.lightreading.com/5g/leon-wang-from-huawei-net5-5g-oriented-products-will-be-launched-in-2024-inspiring-new-business-growth-of-carriers> https://www.lightreading.com/5g/leon-wang-from-huawei-net5-5g-oriented-products-will-be-launched-in-2024-inspiring-new-business-growth-of-carriers>

 

'The challenge is educating people:' Element's quest to encrypt remote workspaces

... We have another initiative called MLS, which is using the IETF standard for encryption, and we have another initiative which is post-quantum key exchange led on top of the existing encryption. It's surprisingly hard because you need to think ahead to everything that could be swapped out and make sure that it can be swapped out. We got it wrong in some instances, and it took us years to build the infrastructure to allow particular bits of the system to be modular.

< <https://www.techradar.com/pro/security/the-challenge-is-educating-people-elements-quest-to-encrypt-remote-workspaces> https://www.techradar.com/pro/security/the-challenge-is-educating-people-elements-quest-to-encrypt-remote-workspaces>

 

Huawei and Ericsson Sign Long-term Patent Cross-licensing Agreement

Huawei and Ericsson have signed a long-term global patent cross-licensing agreement that covers patents essential to a wide range of standards such as 3GPP, ITU, IEEE, and IETF standards for 3G, 4G, and 5G cellular technologies, Huawei announced Friday on its official website.

< <https://www.lexology.com/library/detail.aspx?g=d95862dd-c93c-4e55-91bc-bc2c5d1a27fa> https://www.lexology.com/library/detail.aspx?g=d95862dd-c93c-4e55-91bc-bc2c5d1a27fa>

 

Messaging und Gruppen-Chats: Wie die IETF Sicherheit für Milliarden Menschen schafft [Messaging and group chats: How the IETF creates security for billions of people]

Wie können Gruppen-Chats massentauglich sein und zugleich höchsten Sicherheitseigenschaften genügen? Wie lässt sich technisch absichern, dass niemand Drittes mitlesen kann? Darüber sprechen wir mit Raphael Robert, der sich in der IETF dafür engagiert, Messenger sicherer zu machen. Er und seine Mitstreiter haben dafür das Protokoll Messaging Layer Security (MLS) entworfen.

< <https://netzpolitik.org/2023/messaging-und-gruppen-chats-wie-die-ietf-sicherheit-fuer-milliarden-menschen-schafft/> https://netzpolitik.org/2023/messaging-und-gruppen-chats-wie-die-ietf-sicherheit-fuer-milliarden-menschen-schafft/>

 

BSI aktualisiert Zertifizierung für sicheren E-Mail-Transport​ [BSI updates certification for secure e-mail transport]

... Die sendende Seite muss DNS-Auflösungsserver (Resolver) verwenden, die die Sicherheitsstandards DNSSEC beherrschen, heißt es in der TR etwa. Wenn die Empfängerdomain ihre DNS-Zone damit signiert hat, ließen sich MITM-Attacken erkennen. Zudem würden die (gefälschten) DNS-Antworten unterdrückt. Zusätzlich legt das BSI den Einsatz des IETF-Standards DNS-based Authentication of Named Entities (DANE) nahe. Dieses bietet dem BSI zufolge "wirksamen und skalierbaren Schutz" vor MITM-Angriffen und sei daher für die Einhaltung der TR zwingend erforderlich.

< <https://www.heise.de/news/Transportsicherheit-BSI-zertifiziert-E-Mail-Dienste-nach-neuer-Richtlinie-9349117.html> https://www.heise.de/news/Transportsicherheit-BSI-zertifiziert-E-Mail-Dienste-nach-neuer-Richtlinie-9349117.html>

 

Több funkció a Windows-okból eltávolítását is bejelentette a Microsoft [Microsoft has announced the removal of several features from Windows]

Végül pedig a WebDAV egy olyan szolgáltatás volt, ami a szabványos HTTP protokollon keresztül tette lehetővé fájlok és dokumentumok szerkesztését és kezelését, elsősorban Windows számítógépek között. Bár esetében egy, az IETF által kidolgozott szabványos megoldásról volt szó, de használata sosem terjedt el, a felhők megjelenésével pedig értelmét is vesztette jelenléte a Windows-okban.

< <https://pcforum.hu/hirek/26724/windows-deprecated-nyugdijazas-szamitogep-tallozas-webdav-mailslot> https://pcforum.hu/hirek/26724/windows-deprecated-nyugdijazas-szamitogep-tallozas-webdav-mailslot>

 

**********************

SECURITY & PRIVACY

**********************

Achieving Greater Heights for MANRS

Today, we’re excited to announce a new phase for Mutually Agreed Norms for Routing Security (MANRS). The Internet Society has partnered with the Global Cyber Alliance (GCA), an international nonprofit specializing in addressing cybersecurity challenges at scale by mobilizing stakeholders toward collective action. As part of this partnership, the GCA will take on the functions of the MANRS secretariat and operations, while the Internet Society will maintain significant funding, advocacy, and training functions over the next five years.

< <https://www.internetsociety.org/blog/2023/11/achieving-greater-heights-for-manrs/> https://www.internetsociety.org/blog/2023/11/achieving-greater-heights-for-manrs/>

< <https://www.manrs.org/2023/11/achieving-greater-heights-for-manrs/> https://www.manrs.org/2023/11/achieving-greater-heights-for-manrs/>

 

us: CISA Launches Critical Infrastructure Security and Resilience Month 2023

Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced the kickoff of Critical Infrastructure Security and Resilience Month. Yesterday, the White House issued a Presidential Proclamation to commemorate November as Critical Infrastructure Security and Resilience Month and called on Americans to recognize the importance of this month to enhance our collective national security and resilience.

< <https://www.cisa.gov/news-events/news/cisa-launches-critical-infrastructure-security-and-resilience-month-2023> https://www.cisa.gov/news-events/news/cisa-launches-critical-infrastructure-security-and-resilience-month-2023>

 

How we measure: DNSSEC validation

At APNIC Labs, we publish a number of measurements of the deployment of various technologies that are being adopted on the Internet. Here we will look at how we measure the adoption of DNSSEC validation.

< <https://blog.apnic.net/2023/10/31/how-we-measure-dnssec-validation/> https://blog.apnic.net/2023/10/31/how-we-measure-dnssec-validation/>

< <https://www.potaroo.net/ispcol/2023-10/measure-dnssec.html> https://www.potaroo.net/ispcol/2023-10/measure-dnssec.html>

 

Smart Cities and Cybersecurity: Protecting Citizens from Malicious Attacks

Smart cities and cybersecurity are inseparable. When you start integrating the Internet of Things (IoT) with infrastructure, a city cyber attack is, unfortunately, inevitable. But that doesn't mean it has to be successful.

< <https://www.govtech.com/sponsored/smart-cities-and-cybersecurity-protecting-citizens-from-malicious-attacks> https://www.govtech.com/sponsored/smart-cities-and-cybersecurity-protecting-citizens-from-malicious-attacks>

 

EU row over certificate authority mandates continues ahead of rule change

Organisations and companies representing the global tech sector are warning that a regulation adopted by the European Union will undermine security and trust in browsers worldwide, enable state-sponsored web traffic interception, and would be extra-territorial. ... ISOC and the Electronic Frontiers Foundation also warn that Article 45 blurs the line between a website’s identity and securing communications with that site using Transport Layer Security (TLS).

< <https://www.itnews.com.au/news/eu-row-over-certificate-authority-mandates-continues-ahead-of-rule-change-602062> https://www.itnews.com.au/news/eu-row-over-certificate-authority-mandates-continues-ahead-of-rule-change-602062>

 

**********************

INTERNET OF THINGS

**********************

Are IoT Safeguards Keeping Smart Homes Safe?

With IoT devices becoming an increasingly common and convenient addition to our daily lives, we examine whether the safeguards meant to maintain security and privacy when using these devices are actually effective.

< <https://labs.ripe.net/author/anna_maria_mandalari_2/are-iot-safeguards-keeping-smart-homes-safe/> https://labs.ripe.net/author/anna_maria_mandalari_2/are-iot-safeguards-keeping-smart-homes-safe/>

 

The IoT Cyber Seal Fog

For four days in Southern France, cybersecurity experts from a broad array of different countries and sectors gathered for the annual ETSI Security Conference. The event undertaken by one of the world's major industry information-communication (ICT) standards organisations was intended to take stock of the state of cybersecurity and trends.

< <https://circleid.com/posts/20231031-the-iot-cyber-seal-fog> https://circleid.com/posts/20231031-the-iot-cyber-seal-fog>

 

**********************

QUANTUM NETWORKING

**********************

New technologies on show at Quantum Showcase as Science Minister drives forward UK’s £2.5 billion Quantum Strategy [news release]

The Science Minister George Freeman will today (Thursday 2 November) outline the recipients of over £14 million in funding, aimed at benefiting the UK’s thriving quantum sector.

< <https://www.gov.uk/government/news/new-technologies-on-show-at-quantum-showcase-as-science-minister-drives-forward-uks-25-billion-quantum-strategy> https://www.gov.uk/government/news/new-technologies-on-show-at-quantum-showcase-as-science-minister-drives-forward-uks-25-billion-quantum-strategy>

 

Experts question EU report on emerging deep tech

Experts have criticised a new report by the European Innovation Council (EIC) on emerging deep technologies, breakthrough innovations, and early-stage research projects, calling into question its approach to quantum computing and semiconductors. The report by the EIC, a flagship initiative of the European Commission, looks to identify areas of emerging technologies related to the industry, space, health, and the environment to provide the foundation of development funding. But not everyone is convinced. According to experts, the report’s sections on semiconductors and quantum technologies are underwhelming, in particular lacking analysis of links to major EU legislative files such as the Chips Act and the latest developments in the field of quantum.

< <https://www.euractiv.com/section/research-innovation/news/experts-question-eu-report-on-emerging-deep-tech/> https://www.euractiv.com/section/research-innovation/news/experts-question-eu-report-on-emerging-deep-tech/>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Highlights Issue 7 (November): Both Rel-18 and Rel-19 battle for centre stage as the first 5G-Advanced specs are published

In this issue of HIGHLIGHTS - The 3GPP Newsletter - we herald the availability of the first Release 18 specs and get the latest news from our experts on the stream of work that will now be unleashed as the release heads towards its functional freeze date - scheduled in March 2024 (ASN.1 freeze in June’24).

< <https://www.3gpp.org/news-events/3gpp-news/newsletter-issue7> https://www.3gpp.org/news-events/3gpp-news/newsletter-issue7>

 

Huawei completes verification of key 5G cellular low-power high-precision positioning technology

Huawei just announced that it has completed the verification of key 5G cellular low-power, high-precision positioning technology. The technology has been verified by China Mobile Suzhou, Shenzhen Metro Group, and AIS. The verification reveals that Huawei surpasses the 3GPP requirements for indoor positioning accuracy. According to Huawei, the positioning accuracy can reach up to 0.4 meters.

< <https://www.gizchina.com/2023/10/30/huawei-completes-verification-of-key-5g-cellular-low-power-high-precision-positioning-technology/> https://www.gizchina.com/2023/10/30/huawei-completes-verification-of-key-5g-cellular-low-power-high-precision-positioning-technology/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

W3C updates its 2023 Process Document

W3C has approved the updated 2023 Process Document, which takes effect today. The only change is expanding the W3C Technical Architecture Group (TAG) from 6 elected and 3 appointed participants to 8 elected and 3 appointed participants.

< <https://www.w3.org/news/2023/w3c-updates-its-2023-process-document/> https://www.w3.org/news/2023/w3c-updates-its-2023-process-document/>

 

IPv6-only in EVPN-VXLAN Fabrics

Many organizations are migrating away from traditional three-tier, spanning-tree datacenter and campus LANs to the newer EVPN-VXLAN architecture. This architecture is very flexible and allows for numerous implementation design options, however, the most common deployment is a leaf-spine, or Clos, design – so much so that leaf-spine EVPN-VXLAN LANs are the new de facto standard for datacenter and campus LANs alike.

< <https://blogs.infoblox.com/ipv6-coe/ipv6-only-in-evpn-vxlan-fabrics/> https://blogs.infoblox.com/ipv6-coe/ipv6-only-in-evpn-vxlan-fabrics/>

 

Understanding DNS query composition at B-Root

In order to better understand how the DNS network is used, my colleague Jelena Mirkovic (USC Information Sciences Institute) and I (Northeastern University) analysed 28 billion DNS query traces at a root server, B-Root.

< <https://blog.apnic.net/2023/11/01/understanding-dns-query-composition-at-b-root/> https://blog.apnic.net/2023/11/01/understanding-dns-query-composition-at-b-root/>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home