[Newsclips] IETF SYN-ACK Newspack 2021-12-06

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

 

**********************

IETF IN THE NEWS

**********************

Notes from RIPE 83 by Geoff Huston

The RIPE community held a meeting in November 2021. Like most community meetings in these COVID-blighted times, it was a virtual meeting. Here are my notes from a few presentations that piqued my interest. All the material presented at the meeting is available from the RIPE 83 website.

< <https://www.potaroo.net/ispcol/2021-12/ripe83.html> https://www.potaroo.net/ispcol/2021-12/ripe83.html>

< <https://blog.apnic.net/2021/12/03/notes-from-ripe-83/> https://blog.apnic.net/2021/12/03/notes-from-ripe-83/>

 

Event Wrap: IETF 112

APNIC participated in IETF 112, held online from 6 to 12 November 2021. The event welcomed 1,344 participants. As well as the usual tracks, there was also a Hackathon, which had 20 projects. Visit the agenda for more information.

< <https://blog.apnic.net/2021/11/30/event-wrap-ietf-112/> https://blog.apnic.net/2021/11/30/event-wrap-ietf-112/>

 

Help develop the DNS Data Dictionary by Steve Crocker

The Internet today is a large and dynamic ecosystem that still relies on tools and processes, such as whois, that were designed for a simpler environment. ... We hope to have more input from interested individuals to guide the expansion of the DNS Data Dictionary while it is in draft stage. If and when it is approved as an RFC, further changes will go through the usual IETF expert review process (see RFC 8126/BCP 26 if you need a refresher on the expert review process).

< <https://blog.apnic.net/2021/12/02/help-develop-the-dns-data-dictionary/> https://blog.apnic.net/2021/12/02/help-develop-the-dns-data-dictionary/>

 

Working latency — the next QoE frontier by Jason Livingood

For the past 25 years, network engineers have had one simple answer for home users who want to improve the quality of their Internet experience (QoE): increase your connection throughput (speed). But in recent years, some of us have recognized there is another important factor at play — latency. ... I recently co-wrote a paper about the performance of AQM on Comcast’s network in the United States during the COVID-19 pandemic. I presented this in a lightning talk at the Internet Research Task Force (IRTF) Measurement and Analysis for Protocols Research Group (MAPRG) meeting session at the 111th meeting of the IETF.

< <https://blog.apnic.net/2021/12/02/working-latency-the-next-qoe-frontier/> https://blog.apnic.net/2021/12/02/working-latency-the-next-qoe-frontier/>

 

IETF 112: How do we get the remaining 2.9 billion people online?

IETF 112 took place in early November, where close to 1,200 people participated to further the IETF's mission of “making the internet work better”. One of the presentations was about getting more people online under the title of GAIA – Global Access to the Internet for All – which focussed on unlocking internet access for people in rural areas, particularly those in less developed countries. But developed countries also have their challenges in reaching those not yet online.

< <https://centr.org/news/news/ietf112-gaia.html> https://centr.org/news/news/ietf112-gaia.html>

 

We Need to Stop Saying ‘Blacklist’ and ‘Whitelist’

... Another standards organization, the IETF argued in a document published in 2018 that “like master-slave, the metaphorical use of white-black to connote good-evil is oppressive. While master-slave might seem like a more egregious example of racism, white-black is arguably worse because it is more pervasive and therefore more sinister.”

< <https://www.vice.com/en/article/v7dd3d/we-need-to-stop-saying-blacklist-and-whitelist> https://www.vice.com/en/article/v7dd3d/we-need-to-stop-saying-blacklist-and-whitelist>

 

IT: Produkte, Standards und Abhängigkeiten | Teil II [IT: Products, standards and dependencies | Part II]

... Die IETF hat sich zum Ziel gesetzt, das Internet besser funktionieren zu lassen, indem sie qualitativ hochwertige, relevante technische Dokumente erstellt, welche die Art und Weise beeinflussen, wie Menschen das Internet gestalten, nutzen und verwalten. Diese Dokumente sind als RFC (Request for Comment) öffentlich und kostenfrei zugänglich. Auch bei der IETF kommen weitgehend Anbieterinteressen zum Zug.

< <https://www.moneytoday.ch/news/it-produkte-standards-und-abhaengigkeiten-teil-ii> https://www.moneytoday.ch/news/it-produkte-standards-und-abhaengigkeiten-teil-ii>

 

Neue Ideen der EFF, um mehr aus den alten IPv4-Adressen rauszukitzeln [New ideas from the EFF to get more out of the old IPv4 addresses]

... Dabei verwahren sich Schoen und Gilmore ausdrücklich dagegen, zu entscheiden, was mit diesen Adressen passiert bzw. wer sie vergeben soll. Darüber sollen wie bisher die zuständigen Organisationen wie IETF, IANA oder ICANN entscheiden.

< <https://domain-recht.de/domain-registrierung/ipv6/ipv4-neue-ideen-der-eff-um-mehr-aus-den-alten-ipv4-adressen-rauszukitzeln-68191.html> https://domain-recht.de/domain-registrierung/ipv6/ipv4-neue-ideen-der-eff-um-mehr-aus-den-alten-ipv4-adressen-rauszukitzeln-68191.html>

 

Privacy e futuro del digital marketing: aspettative e problemi ancora da risolvere [Privacy and the future of digital marketing: expectations and problems still to be solved]

... Si ricorda oltretutto, nel report, che lo strumento principe di questa attività, cioè il cookie, era stato varato per permettere ai siti web di storicizzare e tenere conto delle visite pregresse degli utenti, per fini prevalentemente tecnici. L’Internet Engineering Taskforce (IETF) nel 1997 ne indicava un uso limitato al sito prima parte, per consentire l’utilizzo del sito web visitato e un necessario controllo da parte dell’utente. L’evoluzione seguente di tale strumento (cookie di terze parti, uso marketing, tracciamento cross-site, opacità informativa e consensuale, ecc.) viene additata dall’ICO come paradigma di ciò che può accadere quanto non si considerano i rischi delle tecnologie e non si approntano garanzie e rimedi per arginarli.

< <https://www.cybersecurity360.it/legal/privacy-dati-personali/privacy-e-futuro-del-digital-marketing-aspettative-e-problemi-ancora-da-risolvere/> https://www.cybersecurity360.it/legal/privacy-dati-personali/privacy-e-futuro-del-digital-marketing-aspettative-e-problemi-ancora-da-risolvere/>

 

Kurumlar Veri ve Dijital Kaynaklarını Nasıl Koruyabilir? [How Can Organizations Protect Their Data and Digital Resources?]

... Buna ek olarak, IETF’de (Internet Mühendisliği Görev Gücü) devam etmekte olan bir standardizasyon faaliyeti olan BGPSec de hayata geçecek. RPKI’nin kriptografik yapı taşlarının bir kısmını da kullanan BGPSec ile birlikte RPKI’ye dayalı bir kaynak doğrulama olursa, hırsızlıklara karşı tam güvenliğiniz olur. Bununla birlikte, BGPSec hala standardizasyon aşamasında ve ne yazık ki büyük bir dezavantajı var: İnternet yönlendiricilerinde çoğu kaynak yoğun ve uygulamaya geçmesi için de hala en az birkaç yıl var – bu yüzden kesinlikle kısa vadeli bir düzenleme değil.

< <https://www.itnetwork.com.tr/kurumlar-veri-ve-dijital-kaynaklarini-nasil-koruyabilir/> https://www.itnetwork.com.tr/kurumlar-veri-ve-dijital-kaynaklarini-nasil-koruyabilir/>

 

Analýza šifrovaného provozu pomocí síťových toků [Analyze encrypted traffic using network flows]

... Šifrovaná komunikace se v dnešní době stává výchozím způsobem přenosu dat, a proto většina komunikace na internetu již probíhá šifrovaně. Velký rozmach zabezpečené komunikace spustila aktivita kolem automatizace vydávání certifikátů pro TLS především pro webové služby a to zdarma (iniciativa Let's Encrypt) – pomocí protokolu ACME standardizovaného komunitou IETF.

< <https://www.root.cz/clanky/analyza-sifrovaneho-provozu-pomoci-sitovych-toku/> https://www.root.cz/clanky/analyza-sifrovaneho-provozu-pomoci-sitovych-toku/>

 

意外と知られていない通信の基本、「プロトコル」について [Basics of communication that are not surprisingly known, about "protocols]

... このようなプロトコルの仕様を定めることを、標準化（Standardization）という。インターネットプロトコル標準化作業は主に、IETFで行なわれ、仕様はRFC（Request for Comments）という形で公開されている。一例を示すと、インターネット接続ではTCP/IPプロトコルが使用されている。TCP/IPとは、正確にはTCP（Transmission Control Protocol）とIP（Internet Protocol）という2つのプロトコルのことを示している。

< <https://ascii.jp/elem/000/004/076/4076526/> https://ascii.jp/elem/000/004/076/4076526/>

< <https://news.mynavi.jp/techplus/kikaku/20211203-security_frontline_v135/> https://news.mynavi.jp/techplus/kikaku/20211203-security_frontline_v135/>

 

元宇宙对网络技术的挑战 [Meta universe’s challenge to network technology]

... 在IP协议的基础上，互联网技术通过各种创新，来满足不断涌现的新型终端和应用的需求。比如，为了满足数据中心网络超高带宽和超低时延的需求，传送层协议就从广域网使用的TCP升级为RDMA/RoCE；为了满足工控网络对确定性时延的需求，目前IETF也成立了DETNET（确定性网络）工作组专门制定有关RFC标准。对于元宇宙向网络技术提出的新需求，互联网也会通过同样的方式来应对。

< <https://www.eet-china.com/mp/a94381.html> https://www.eet-china.com/mp/a94381.html>

 

Блокчейн QRL: постквантовая криптография и безопасность криптоактивов [QRL Blockchain: Post-Quantum Cryptography and Crypto Asset Security]

... QRL - первый рабочий блокчейн, использующий одобренную Инженерным советом Интернета (IETF) схему подписей XMSS. Это расширенная схема подписи Меркла на основе хешей и многократно используемыми адресами, одобренная Национальным институтом стандартов и технологий США (NIST)

< <https://bits.media/pr/blokcheyn-qrl-postkvantovaya-kriptografiya-i-bezopasnost-kriptoaktivov/> https://bits.media/pr/blokcheyn-qrl-postkvantovaya-kriptografiya-i-bezopasnost-kriptoaktivov/>

 

**********************

SECURITY & PRIVACY

**********************

us: NIST Releases Version 1.1 of its Popular Cybersecurity Framework

The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) has released version 1.1 of its popular Framework for Improving Critical Infrastructure Cybersecurity, more widely known as the Cybersecurity Framework.

< <https://www.nist.gov/news-events/news/2018/04/nist-releases-version-11-its-popular-cybersecurity-framework> https://www.nist.gov/news-events/news/2018/04/nist-releases-version-11-its-popular-cybersecurity-framework>

 

How Decryption of Network Traffic Can Improve Security

Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing.

< <https://threatpost.com/decryption-improve-security/176613/> https://threatpost.com/decryption-improve-security/176613/>

 

FortiGuard Labs Predicts Cyberattacks Aimed at Everything From Crypto Wallets to Satellite Internet

Advanced Persistent Cybercrime Techniques Mean More Destructive Ransomware and Supply Chain Attacks

< <https://investor.fortinet.com/news-releases/news-release-details/fortiguard-labs-predicts-cyberattacks-aimed-everything-crypto> https://investor.fortinet.com/news-releases/news-release-details/fortiguard-labs-predicts-cyberattacks-aimed-everything-crypto>

 

Compromised Sites and Malicious Registrations: Best Practices for the Identification and Mitigation of DNS Abuse by Graeme Bunton, Director of the DNS Abuse Institute

One of the more interesting revelations from University of Grenoble Associate Professor Maciej Korczyński during the DNS Abuse Institute’s 2nd Online forum was that a substantial percentage of domains involved in malware and phishing were not registered specifically to cause harm, but were in fact benign domains being used by websites that had been compromised.

< <https://dnsabuseinstitute.org/best-practices-identification-mitigation-of-dns-abuse/> https://dnsabuseinstitute.org/best-practices-identification-mitigation-of-dns-abuse/>

 

us: Preventing the Most Common Cyber Attacks with Cybersecurity Training

Many offices are operating with a hybrid of remote and in-person workspaces as the COVID-19 pandemic continues and evolves. Wherever your team is located, security continues to be everyone's responsibility. A refresher course in cybersecurity is a great way to help employees get back in the swing, and re-establish security best practices they may have forgotten.

< <https://www.cisecurity.org/blog/preventing-the-most-common-cyber-attacks-with-cybersecurity-training/> https://www.cisecurity.org/blog/preventing-the-most-common-cyber-attacks-with-cybersecurity-training/>

 

eu: National Cybersecurity Strategies: with a vision on raising citizens’ awareness

The European Union Agency for Cybersecurity (ENISA) under the framework of its 9th National Cybersecurity Strategies (NCSS) workshop, issued a report on cybersecurity awareness, with the aim to assist EU Member States in fostering their cybersecurity capacities on citizens.

< <https://www.enisa.europa.eu/news/enisa-news/national-cybersecurity-strategies-with-a-vision-on-raising-citizens2019-awareness> https://www.enisa.europa.eu/news/enisa-news/national-cybersecurity-strategies-with-a-vision-on-raising-citizens2019-awareness>

 

**********************

INTERNET OF THINGS

**********************

Why the Luster on Once-Vaunted ‘Smart Cities’ Is Fading

“Smart cities” built from scratch have so far failed to live up to their much-hyped promise. Some critics argue that rather than grafting a new city onto the landscape, it is better to integrate high-tech for clean, efficient energy and transportation into existing cities.

< <https://e360.yale.edu/features/why-the-luster-is-fading-on-once-vaunted-smart-cities> https://e360.yale.edu/features/why-the-luster-is-fading-on-once-vaunted-smart-cities>

 

5G rollouts offer ‘internet of things’ a more sophisticated outlook

The “internet of things” (IoT) is often used as a catch-all phrase to describe the disparate items that use sensors to gather data — from driverless cars, to “smart cows”, to connected refrigerators, to robotic factories.

< <https://www.ft.com/content/1a274206-59df-4d97-9228-c1cfd50c040f> https://www.ft.com/content/1a274206-59df-4d97-9228-c1cfd50c040f>

 

Internet of things hiring levels in the railway industry rose in November 2021

The proportion of railway equipment supply, product and services companies hiring for internet of things related positions rose significantly in November 2021 compared with the equivalent month last year, with 21.3% of the companies included in our analysis recruiting for at least one such position.

< <https://www.railway-technology.com/features/internet-of-things-hiring-levels-in-the-railway-industry-rose-in-november-2021/> https://www.railway-technology.com/features/internet-of-things-hiring-levels-in-the-railway-industry-rose-in-november-2021/>

 

Criminal intent: How the ‘Internet of Things’ can also be a threat

5G is the newest set of technologies for broadband cellular networks, making mobile phones, homes, fridges and even toilets smarter and more efficient.

< <https://lens.monash.edu/@politics-society/2021/12/01/1384092/criminal-intent-how-the-internet-of-things-can-also-be-a-threat> https://lens.monash.edu/@politics-society/2021/12/01/1384092/criminal-intent-how-the-internet-of-things-can-also-be-a-threat>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

The Evolution of the Internet

The Internet Society in partnership with African Technical Internet organizations also known as Af* also will present a webinar to discuss the New IP proposals, their consequences on the Internet, and the implications for the network environment in Africa.

< <https://www.internetsociety.org/events/the-evolution-of-the-internet/> https://www.internetsociety.org/events/the-evolution-of-the-internet/>

 

Nine WiFi routers used by millions were vulnerable to 226 flaws

... The vendor responses to CHIP (translated) were the following: ... Netgear: At Netgear they worked hard and took a close look at all problems. Netgear sees some of the "high" issues as less of a problem. There are updates for DNSmasq and iPerf, other reported problems should be observed first. ... TP-Link: With updates from BusyBox, CURL and DNSmasq, TP-Link eliminates many problems. There is no new kernel, but they plan more than 50 fixes for the operating system

< <https://www.bleepingcomputer.com/news/security/nine-wifi-routers-used-by-millions-were-vulnerable-to-226-flaws/> https://www.bleepingcomputer.com/news/security/nine-wifi-routers-used-by-millions-were-vulnerable-to-226-flaws/>

 

Une nuée de failles dans des routeurs WiFi [A swarm of flaws in WiFi routers]

... Les constructeurs ont rapidement réagi en annonçant des correctifs aux vulnérabilités trouvées par les spécialistes. Asus par exemple a indiqué avoir corrigé la version obsolète de BusyBox, et il existe également des mises à jour pour "curl" et le serveur web. D-Link a aussi actualisé son firmware. Netgear a analysé en profondeur les différents problèmes et a corrigé en priorité DNSmasq et iPerf.

< <https://www.lemondeinformatique.fr/actualites/lire-une-nuee-de-failles-dans-des-routeurs-wifi-85014.html> https://www.lemondeinformatique.fr/actualites/lire-une-nuee-de-failles-dans-des-routeurs-wifi-85014.html>

 

**********************

OTHERWISE NOTEWORTHY

**********************

A Global ICANN Resolver Operator Forum Announced

The ICANN organization is pleased to announce a new forum intended for DNS resolver operators and experts from across the world. The ICANN Resolver Operator Forum will provide opportunities for participants to compare experiences, discuss best practices, and to network.

< <https://www.icann.org/en/announcements/details/a-global-icann-resolver-operator-forum-announced-2-12-2021-en> https://www.icann.org/en/announcements/details/a-global-icann-resolver-operator-forum-announced-2-12-2021-en>

 

DNS OARC 36 by Geoff Huston 

It’s conference and workshop season right now, and November has been unusually busy this year. At the end of the month was the DNS Operations and Research meeting, DNS-OARC 36. These are my notes from those presentations that I found to be of interest.

< <https://www.potaroo.net/ispcol/2021-12/oarc36.html> https://www.potaroo.net/ispcol/2021-12/oarc36.html>

 

MOW complaints about W3C

We are aware of a complaint from “Movement for an Open Web” (Marketers For An Open Web Limited) that accuses W3C of “favouring the giant tech corporations in its procedures and decision-making and failing to comply with antitrust laws.” We have seen only the public statement on their website. These allegations have no basis in fact.

< <https://www.w3.org/blog/2021/12/mow-complaints-about-w3c/> https://www.w3.org/blog/2021/12/mow-complaints-about-w3c/>

 

Sir Tim Berners-Lee's global internet standards body W3C is 'no longer fit for purpose after being hijacked by Google', claim campaigners

The global internet standards organisation set up by World Wide Web inventor Sir Tim Berners-Lee is now 'no longer fit for purpose', campaigners claimed today.

< <https://www.nytimespost.com/sir-tim-berners-lees-internet-body-w3c-is-no-longer-fit-for-purpose/> https://www.nytimespost.com/sir-tim-berners-lees-internet-body-w3c-is-no-longer-fit-for-purpose/>

< <https://www.dailymail.co.uk/news/article-10267881/Sir-Tim-Berners-Lees-internet-body-W3C-no-longer-fit-purpose.html> https://www.dailymail.co.uk/news/article-10267881/Sir-Tim-Berners-Lees-internet-body-W3C-no-longer-fit-purpose.html>

 

1 in 3 people around the world have never used the Internet, a U.N. report estimates

Around 37 percent of the world’s population, or 2.9 billion people, have still never used the Internet — and most of them live in developing countries, according to an estimate from a U.N. agency for information and communication technologies.

< <https://www.washingtonpost.com/world/2021/12/01/global-internet-usage/> https://www.washingtonpost.com/world/2021/12/01/global-internet-usage/>

 

More than a third of world’s population have never used internet, says UN

Nearly 3 billion people – or 37% of the world’s population – have never used the internet, according to the United Nations, despite the Covid-19 pandemic driving people online.

< <https://www.theguardian.com/technology/2021/nov/30/more-than-a-third-of-worlds-population-has-never-used-the-internet-says-un> https://www.theguardian.com/technology/2021/nov/30/more-than-a-third-of-worlds-population-has-never-used-the-internet-says-un>

 

2.9 billion people still offline: New data from ITU suggest ‘COVID connectivity boost’ – but world’s poorest being left far behind

​​​An estimated 37 per cent of the world's population – or 2.9 billion people – have still never used the Internet. New data from the International Telecommunication Union (ITU), the United Nations specialized agency for information and communication technologies (ICTs), also reveal strong global growth in Internet use, with the estimated number of people who have used the Internet surging to 4.9 billion in 2021, from an estimated 4.1 billion in 2019.

< <https://www.itu.int/en/mediacentre/Pages/PR-2021-11-29-FactsFigures.aspx> https://www.itu.int/en/mediacentre/Pages/PR-2021-11-29-FactsFigures.aspx>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home