[Newsclips] IETF SYN-ACK Newspack 2023-07-03

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Top A.I. minds just issued predictions about life in 2035 with one key warning: Our future hinges on ‘the good or ill intent’ of the next generation

It’s not just venture capitalists and billionaires making important predictions about A.I. A new, elaborate 232-page report from the Pew Research Center canvassed more than 300 experts across industries about the changes they predict by 2035 from technological developments. ... Jim Fenton, an IETF leader and 35-year veteran of the digital industry, says human rights will become an oxymoron. Science will be “hijacked” and only serve the interests of a potential ruling dictator class, and health and well-being will be exclusively reserved for a privileged few, he writes.

< <https://fortune.com/2023/07/01/top-a-i-minds-pew-predictions-life-in-2035/> https://fortune.com/2023/07/01/top-a-i-minds-pew-predictions-life-in-2035/> [subscription]

< <https://finance.yahoo.com/news/top-minds-just-issued-predictions-120000888.html> https://finance.yahoo.com/news/top-minds-just-issued-predictions-120000888.html>

< <https://www.msn.com/en-us/news/technology/what-does-the-future-hold-for-humanity-well-4-out-of-10-experts-said-they-were-equally-concerned-and-excited-about-the-changes-in-the-human-tech-evolution/ar-AA1diaAB> https://www.msn.com/en-us/news/technology/what-does-the-future-hold-for-humanity-well-4-out-of-10-experts-said-they-were-equally-concerned-and-excited-about-the-changes-in-the-human-tech-evolution/ar-AA1diaAB>

 

Signing data citations enables data verification and citation persistence

Abstract: Commonly used data citation practices rely on unverifiable retrieval methods which are susceptible to content drift, which occurs when the data associated with an identifier have been allowed to change. Based on our earlier work on reliable dataset identifiers, we propose signed citations, i.e., customary data citations extended to also include a standards-based, verifiable, unique, and fixed-length digital content signature. We show that content signatures enable independent verification of the cited content and can improve the persistence of the citation. Because content signatures are location- and storage-medium-agnostic, cited data can be copied to new locations to ensure their persistence across current and future storage media and data networks. As a result, content signatures can be leveraged to help scalably store, locate, access, and independently verify content across new and existing data infrastructures. Content signatures can also be embedded inside content to create robust, distributed knowledge graphs that can be cited using a single signed citation. We describe applications of signed citations to solve real-world data collection, identification, and citation challenges. ... In this article, we primarily present content signatures as hexadecimal-encoded content-hash URIs in part due to our opinion that it is more easily understood than other available formats – they are proper URIs; they explicitly identify an algorithm as the identifier’s authority (e.g., sha256 is the URI authority component), rather than an organization, location, or nothing at all; they use only one character as a separator; and the namespace hash is descriptive, not an acronym – but also because it is the format is used in the real-world data featured in the examples in our Methods section. Among other alternatives mentioned in the Related Work section, it is worth noting that the named identifier (ni) scheme24 is currently under review by the IETF.

< <https://www.nature.com/articles/s41597-023-02230-y> https://www.nature.com/articles/s41597-023-02230-y>

 

Domain verification using DNS

At the IETF, Shumon Huque, Paul Wouters, and I have been working on describing best practices for domain verification using the DNS. The Internet-Draft, titled ‘Domain Verification Techniques using DNS‘, has been adopted by the DNSOP Working Group as a Best Current Practice document. I began working on this when I was part of a DNS team where we had to deal with several domain verification DNS records.

< <https://blog.apnic.net/2023/06/26/domain-verification-using-dns/> https://blog.apnic.net/2023/06/26/domain-verification-using-dns/>

 

State of DNS rebinding in 2023

Different forms of DNS rebinding attacks have been described as far back as 1996 for Java Applets and 2002 for JavaScript (Quick-Swap). It has been four years since Gérald Doussot and I presented on the State of DNS Rebinding at DEF CON 27 (slides), where we introduced our DNS rebinding attack framework, Singularity of Origin. In 2020, we studied the impact of DNS over HTTPS (DoH) on DNS rebinding attacks. ... The reason for the random capitalization was the introduction of the IETF draft Use of Bit 0x20 in DNS Labels to Improve Transaction Identity. In January 2023, Google started deploying this feature in certain regions.

< <https://blog.apnic.net/2023/06/27/state-of-dns-rebinding-in-2023/> https://blog.apnic.net/2023/06/27/state-of-dns-rebinding-in-2023/>

 

Alfred Channon Morton

Alfred Channon Morton, Jr., died on Friday, June 9, 2023, in Chicago, IL. Al was a long time resident of the Jersey Shore, the son of Alfred Channon Morton Sr. and Margaret Cox Morton. He grew up in Sea Girt, lived in Oceanport for 40 years, before moving to Chicago with his wife in 2020. A 1973 graduate of Manasquan High School, Al received both his BSEE and MSEE from Monmouth College. He worked for Computer Sciences Corporation at Fort Monmouth's Satellite Communications Agency and then went to work directly with SATCOMA before beginning an almost 40 year career at Bell Labs/AT&T. In that capacity, Al was a proud contributor to many important internet standards through the Internet Engineering Taskforce (IETF) and the International Telecommunications Union (ITU). He was the author of more than 31 IETF RFC, several Linux Foundation projects, and the holder of several patents.

< <https://www.app.com/obituaries/asb295509> https://www.app.com/obituaries/asb295509>

 

Post-Quantum Cryptography Advances…Under the Hood

... There has been a lot of coverage on the anticipated advance of quantum computers: the boon they will bring to medicine, science, and chemistry; and the curse on IT security, with Shor’s algorithm sounding the death knell for traditional classic asymmetric cryptography, which underpins the security for most of what we do on the internet. For this blog post I decided to focus on some of the post-quantum cryptography (PQC) related activities that are going on as we speak, under-the-hood. I’m talking specifically about the IETF, who are tasked with preparing the public internet for a post-quantum world, figuring out how to retool and migrate the protocols and standards built on classical algorithms that we rely on extensively today.

< <https://www.entrust.com/blog/2023/06/post-quantum-cryptography-advancesunder-the-hood/> https://www.entrust.com/blog/2023/06/post-quantum-cryptography-advancesunder-the-hood/>

< <https://securityboulevard.com/2023/06/post-quantum-cryptography-advancesunder-the-hood/> https://securityboulevard.com/2023/06/post-quantum-cryptography-advancesunder-the-hood/>

 

Battling Network Throttling: Proven Methods to Regain Control of Your Internet Speed

... Network Layer Prioritization: The IP packet header contains a section known as ToS (Type of Service). This field has recently been adopted to work in conjunction with the IETF’s Differentiated Services (Diff-Serv) method. Diff-Serv involves the categorization and marking of packets.

< <https://www.techopedia.com/battling-network-throttling> https://www.techopedia.com/battling-network-throttling>

 

Safety at risk as tracking devices make it easy to locate victims

... Alerts from Bluetooth location-tracking devices like AirTags will no longer be specific to particular platforms, enabling users of iOS and Android platforms to detect and discover AirTags, which were previously incompatible with all devices. Apple and Google have also provided manufacturers with the principles for best practice, and instructions “if they were to build these capabilities into their products”. The plan has been submitted via the IETF, a leading standards development organisation in the US, with a three-month grace period for comments and reviews.

< <https://lsj.com.au/articles/safety-at-risk-as-tracking-devices-make-it-easy-to-locate-victims/> https://lsj.com.au/articles/safety-at-risk-as-tracking-devices-make-it-easy-to-locate-victims/>

 

Pourquoi le père d’Internet s’alarme de ce qui se passe en France: LPM vs Vinton Cerf [ Why the Father of the Internet is Alarming What's Is in France: LPM vs Vinton Cerf]

Le loi de programmation militaire contient un volet cyber qui offre des pouvoirs importants à l’agence nationale chargée de la cyberdéfense. Elle doit avoir des capacités de filtrage et de blocage en cas de risque pour la sécurité du pays. Cependant, les orientations techniques font controverse. ... Ce courrier, justement, n’est pas signé par n’importe qui. On trouve des figures pionnières dans la conception moderne d’Internet, ainsi que des personnalités à la tête d’organismes qui jouent un rôle clé dans la gestion du réseau des réseaux. En tout, douze personnes, représentant des instances comme l’IAB et l’IETF, ainsi que des associations comme l’Internet Society et l’EFF, ont signé.

< <https://www.numerama.com/politique/1428864-pourquoi-le-pere-dinternet-salarme-de-ce-qui-se-passe-en-france.html> https://www.numerama.com/politique/1428864-pourquoi-le-pere-dinternet-salarme-de-ce-qui-se-passe-en-france.html>

 

Blocage DNS en France : Vinton Cerf et d’autres personnalités mettent en garde les parlementaires

... Dans une lettre ouverte publiée le 23 juin, Vinton Cerf, cocréateur du protocole TCP/IP, a réuni autour de lui plusieurs personnalités de l’Internet et de la technique, dont Stephen Crocker, ancien président de l’ICANN, Mirja Kühlewind et Mallory Knodel de l’Internet Architecture Board, le polytechnicien David Schinazi, Alexis Hancock de l’Electronic Frontier Foundation (EFF) ou encore Erik Kline, l’un des directeurs de l’IETF. Objectif, alerter des dangers d’une telle loi.

< <https://www.nextinpact.com/article/71969/blocage-dns-en-france-vinton-cerf-et-dautres-personnalites-mettent-en-garde-parlementaires> https://www.nextinpact.com/article/71969/blocage-dns-en-france-vinton-cerf-et-dautres-personnalites-mettent-en-garde-parlementaires>

 

**********************

IETF COMMUNITY NOTES

**********************

RFC 9413 on Maintaining Robust Protocols: The IAB has published RFC 9413: Maintaining Robust Protocols.

Abstract: The main goal of the networking standards process is to enable the long-term interoperability of protocols. This document describes active protocol maintenance, a means to accomplish that goal. By evolving specifications and implementations, it is possible to reduce ambiguity over time and create a healthy ecosystem.

< <https://www.iab.org/2023/06/27/rfc-9413-on-maintaining-robust-protocols/> https://www.iab.org/2023/06/27/rfc-9413-on-maintaining-robust-protocols/>

 

Report from the 2023 IAB and IESG retreat by Mirja Kühlewind, IAB Chair

The Internet Engineering Steering Group (IESG) and Internet Architecture Board (IAB) held their annual retreat in Seattle on 8-12 May, with two days for each group and a joint day in the middle.

< <https://www.ietf.org/blog/iab-and-iesg-retreat-2023/> https://www.ietf.org/blog/iab-and-iesg-retreat-2023/>

 

**********************

SECURITY & PRIVACY

**********************

DNS is once again front and center for exploits and security policy

Two recent events are once again bringing the internet’s foundational DNS into the news, and not in a good way. The first event involving the DNS last week was a warning from the Cybersecurity Infrastructure and Security Agency issued on Friday for version 9 of the Berkeley Internet Name Domain, or BIND.

< <https://siliconangle.com/2023/06/26/domain-name-system-front-center-exploits-security-policy/> https://siliconangle.com/2023/06/26/domain-name-system-front-center-exploits-security-policy/>

 

MANRS Readiness Scores to be Made Public for Network Operator Participants

This July, the MANRS Readiness Scores will be made public on the MANRS website under the Network Operators Participants directory, replacing the tick marks next to Actions 2, 3, and 4. We will be adding the MANRS Readiness Score for Action 1 at a later date.

< <https://www.manrs.org/2023/06/manrs-readiness-scores-to-be-made-public-for-network-operator-participants/> https://www.manrs.org/2023/06/manrs-readiness-scores-to-be-made-public-for-network-operator-participants/>

 

Register Now for the 2023 Routing Security Summit

Join us from 17 to 20 July for a series of virtual tutorials and panel discussions as we highlight the importance of routing security and encourage decision-makers and network operators to take real steps toward improving the security and resilience of the global routing infrastructure.

< <https://www.manrs.org/2023/06/register-now-for-the-2023-routing-security-summit/> https://www.manrs.org/2023/06/register-now-for-the-2023-routing-security-summit/>

 

ITU Journal shares new research on network orchestration and security

The latest issue of the ITU Journal on Future and Evolving Technologies features research on network orchestration and security for 5G and beyond, sharing insights on advances in network intelligence and automation helping to meet rapidly evolving service demands.

< <https://www.itu.int/hub/2023/06/itu-journal-shares-new-research-on-network-orchestration-and-security/> https://www.itu.int/hub/2023/06/itu-journal-shares-new-research-on-network-orchestration-and-security/>

 

**********************

INTERNET OF THINGS

**********************

Embedded IoT Security: Helping Vendors in the Design Process

With the number of IoT devices on track to exceed 30 billion within the next couple of years, CIS has created a resource that will help IoT vendors ease the process of building in security by design and by default.

< <https://labs.ripe.net/author/kathleen_moriarty/embedded-iot-security-helping-vendors-in-the-design-process/> https://labs.ripe.net/author/kathleen_moriarty/embedded-iot-security-helping-vendors-in-the-design-process/>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Cisco firewall upgrade boosts visibility into encrypted traffic

... “Typically, organisations would decrypt traffic at the firewall, analyse it, then re-encrypt it before allowing it into the network. However, modern encryption protocols such as TLS 1.3 and QUIC [part of the 7.4 release] make it even more difficult to gain visibility,” Miles said.

< <https://www.arnnet.com.au/article/707869/cisco-firewall-upgrade-boosts-visibility-into-encrypted-traffic/> https://www.arnnet.com.au/article/707869/cisco-firewall-upgrade-boosts-visibility-into-encrypted-traffic/>

 

CDNetworks befähigt das Streaming-Geschäft in APAC durch die neueste vollständige Unterstützung von QUIC und HTTP/3 [CDNetworks empowers streaming business in APAC with the latest full support from QUIC and HTTP/3]

CDNetworks, ein führendes Netzwerk in der APAC-Region für die Bereitstellung von Edge-as-a-Service, wird durch seine kürzlich erfolgte umfassende Plattformunterstützung für QUIC und HTTP/3 weiter gestärkt und sichert sich damit seine Position als führender Anbieter für Medienlieferungen in der APAC-Region.

< <https://www.silicon.de/brandvoice/cdnetworks-befaehigt-das-streaming-geschaeft-in-apac-durch-die-neueste-vollstaendige-unterstuetzung-von-quic-und-http-3> https://www.silicon.de/brandvoice/cdnetworks-befaehigt-das-streaming-geschaeft-in-apac-durch-die-neueste-vollstaendige-unterstuetzung-von-quic-und-http-3>

 

**********************

QUANTUM NETWORKING

**********************

Post-Quantum Cryptography Advances…Under the Hood

A typical scene at a car enthusiasts motorhead event involves souped-up cars with their hoods propped open and a bunch of grease monkeys gathered around staring at the powerful V12 combustion engine. With the migration to electric cars it is probably a scene that will start to phase out over time. A bit like classical asymmetric cryptography!

< <https://www.entrust.com/blog/2023/06/post-quantum-cryptography-advancesunder-the-hood/> https://www.entrust.com/blog/2023/06/post-quantum-cryptography-advancesunder-the-hood/>

< <https://securityboulevard.com/2023/06/post-quantum-cryptography-advancesunder-the-hood/> https://securityboulevard.com/2023/06/post-quantum-cryptography-advancesunder-the-hood/>

 

Germany team demonstrates single-photon erbium emitters: Max Planck and TU Munich researchers say development looks ideal for quantum-encrypted optical networking.

Researchers in southern Germany made a novel optical resonator that they say looks ideal for the construction of quantum networks.

< <https://optics.org/news/14/6/33> https://optics.org/news/14/6/33>

 

Nokia and Proximus Successfully Establish First Quantum-Resistant Optical Network Connection

Nokia and its partners yesterday announced the successful completion of Europe’s first live hybrid quantum encryption key trial with Proximus. Using technology from Nokia, ID Quantique and evolutionQ, Proximus was able to establish a quantum-safe optical network connection using quantum key distribution (QKD) to successfully encrypt and transmit data between two datacenters located in Brussels and Mechelen, Belgium.

< <https://www.thefastmode.com/technology-solutions/32481-nokia-and-proximus-successfully-establish-first-quantum-resistant-optical-network-connection> https://www.thefastmode.com/technology-solutions/32481-nokia-and-proximus-successfully-establish-first-quantum-resistant-optical-network-connection>

 

Space-based quantum networking in the presence of a nuclear disturbed environment...

Abstract: Space-based quantum networks provide a means for near-term long-distance transmission of quantum information. This article analyzed the performance of a downlink quantum network between a low-Earth-orbit satellite and an observatory operating in less-than-ideal atmospheric conditions. The effects from fog, haze, and a nuclear disturbed environment on the long-range distribution of quantum states were investigated.

< <https://www.ornl.gov/publication/space-based-quantum-networking-presence-nuclear-disturbed-environment> https://www.ornl.gov/publication/space-based-quantum-networking-presence-nuclear-disturbed-environment>

 

AWS sees role for quantum in data protection, but not for years

The capabilities of quantum computing are years -- and potentially decades -- away from enterprise adoption. Still, AWS sees potential in laying the infrastructure groundwork for quantum services and applications now to establish a baseline ahead of rival vendors like IBM or Microsoft Azure. At its Center for Quantum Networking, AWS is researching and developing how to expand its footprint in quantum computing, which uses unique behaviors of quantum physics to solve intricate problems such as biological or financial simulations faster than existing computing methods. While faster, quantum computing currently relies on complex and fragile quantum networks to move data around, a problem the AWS Center is working to solve.

< <https://www.techtarget.com/searchdatabackup/news/366543239/AWS-sees-role-for-quantum-in-data-protection-but-not-for-years> https://www.techtarget.com/searchdatabackup/news/366543239/AWS-sees-role-for-quantum-in-data-protection-but-not-for-years>

 

Peek inside the lab working on quantum memories

Almost a year ago, Amazon Web Services (AWS) announced that it was partnering with Harvard University to test and develop a quantum network. In late June this year, AWS opened up its labs and let media outlets, including Popular Science, peep at its early models of a quantum repeater, which is similar to a classical amplifier that carry optical signals down long stretches of fiber.

< <https://www.popsci.com/technology/aws-quantum-memory/> https://www.popsci.com/technology/aws-quantum-memory/>

 

Why is Amazon super-chilling quantum particles in Brighton?

One of the coldest spots in the universe pops into existence periodically in a one-story office building near Harvard Stadium. The unlabeled office houses a quantum-networking research effort of cloud-computing giant Amazon. The lab space includes deep refrigeration equipment that can reach temperatures just a fraction of a degree above absolute zero, or minus-460 degrees Fahrenheit — the point at which all atomic movement ceases. That’s because quantum computers and networks — which are still in experimental stages — need to be kept super-cold to best harness their properties on a quantum scale.

< <https://www.bostonglobe.com/2023/06/29/business/why-is-amazon-super-chilling-quantum-particles-brighton/> https://www.bostonglobe.com/2023/06/29/business/why-is-amazon-super-chilling-quantum-particles-brighton/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

It's time to mark six decades of computer networking

Systems Approach Next week I am heading to Edinburgh University, where I did my PhD back in the 1980s, to give a lecture as part of the events celebrating 60 years of Computer Science and Artificial Intelligence at Edinburgh.

< <https://www.theregister.com/2023/06/28/60_years_of_networking/> https://www.theregister.com/2023/06/28/60_years_of_networking/>

 

Happy 50th Birthday Ethernet

Some 50 years ago, at the Palo Alto Research Centre of that renowned photocopier company Xerox, a revolutionary approach to local digital networks was born. On the 22nd of May 1973 Bob Metcalf authored a memo that described "X-Wire", a 3Mbps common bus office network system developed at Xerox's Palo Alto Research Center (PARC). There are very few networking technologies from the early 70's that have proved to be so resilient (TCP/IP is the only other major networking technology from that era that I can recall), so it’s worth looking at Ethernet a little closer in order to see why it has enjoyed such an unusual longevity.

< <https://www.potaroo.net/ispcol/2023-06/ethernet.html> https://www.potaroo.net/ispcol/2023-06/ethernet.html>

< <https://blog.apnic.net/2023/06/29/happy-50th-birthday-ethernet/> https://blog.apnic.net/2023/06/29/happy-50th-birthday-ethernet/>

 

nl: Business community positive about focus on open internet standards

Is the business community aware of open standards for securing e-mail and websites? And willing to get to grips with them? A firm "Yes" was the answer we got from the SIDN Panel when we asked about the importance of websites and e-mail to their organisations, and about their knowledge of the standards. The Internet.nl test utility was well received and got respondents' interest. The consensus was that more attention should be given to the use of secure, modern internet standards.

< <https://www.sidn.nl/en/news-and-blogs/business-community-positive-about-focus-on-open-internet-standards> https://www.sidn.nl/en/news-and-blogs/business-community-positive-about-focus-on-open-internet-standards>

 

A Further Update on IPv6 Extension Headers

Following the publication of RFC 7872 in 2016, a number of research teams have been looking at the nature of network and host behaviours in discarding IPv6 packets with various Extension Headers (EH). The findings reported in RFC 7872 were a significant level of packet loss (“significant” being above 10% in all cases) for IPv6 packets that contained Extension Headers that carried Destination Options, Hop by Hop Options and Fragmentation Controls.

< <https://www.potaroo.net/ispcol/2023-06/eh.html> https://www.potaroo.net/ispcol/2023-06/eh.html>

 

cz: CSNOG Community Meeting 2024 will take place on January 23-24 in Zlín

The sixth edition of the Czech and Slovak network administrators’ meeting - CSNOG 2024 - will take place next year on January 23-24 in the premises of Tomas Bata University in Zlín.

< <https://www.nic.cz/page/4381/csnog-community-meeting-2024-will-take-place-on-january-23-24-in-zlin/> https://www.nic.cz/page/4381/csnog-community-meeting-2024-will-take-place-on-january-23-24-in-zlin/>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home