[Newsclips] IETF SYN-ACK Newspack 2021-05-31

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

The IETF Evolution by Anthony Rutkowski

The IETF is a collaborative body that has developed internetworking specifications for more than five decades, successfully shaping the global marketplace of digital network equipment and services. Beginning as a kind of distributed think tank among network researchers in 1969, it evolved to become one of the world's most influential standards bodies.

< <https://www.circleid.com/posts/20210526-the-ietf-evolution/> https://www.circleid.com/posts/20210526-the-ietf-evolution/>

 

DNS OARC 35 by Geoff Huston

The DNS Operations, Analysis, and Research Centre (DNS-OARC) convened OARC-35 at the start of May. Here's some thoughts on a few presentations at that meeting that caught my attention. ... DNS Cookies were standardised in the IETF in 2016 (RFC 7873) and are intended to be a lightweight security mechanism that provides some protection against some off-path attacks in the DNS, “Some level of protection” is a deliberately vague term, of course, but it is intended to describe that this is comparable to the protection provided by DNS over TCP, but without incurring the additional costs imposed by supporting TCP sessions. In other words, the server can assume that source address of a query is not spoofed, and this query is not part of a reflection attack.

< <https://www.potaroo.net/ispcol/2021-05/oarc35.html> https://www.potaroo.net/ispcol/2021-05/oarc35.html>

< <https://blog.apnic.net/2021/05/25/notes-from-dns-oarc-35/> https://blog.apnic.net/2021/05/25/notes-from-dns-oarc-35/>

 

What Is the Best Way to Purge Master and Slave Terms From Engineering Documents?

The recent movement to greater racial equality and awareness has affected many aspects of our lives and professional work. As a result, even the technical community has come under scrutiny. Perhaps this is most apparent in the long-standing use of the words master and slave to describe electronic components and network interactions.

< <https://www.designnews.com/electronics/what-best-way-purge-master-and-slave-terms-engineering-documents> https://www.designnews.com/electronics/what-best-way-purge-master-and-slave-terms-engineering-documents>

 

The human factor — why data is not enough to understand the world

A couple of years ago, staff at a Google “tech incubator” called Jigsaw made an important breakthrough: they realised that while their company has come to epitomise the power of technology, there are some problems that computers alone cannot solve. Or not, at least, without humans. ... This might seem odd; after all, the Internet Engineering Task Force is the group that built the internet and computer geeks appear to live in a “rational”, maths-based world. But the IETF has embraced this “fuzzy” ritual in recent years because the techies like being able to sense the mood of the entire group via humming — and get the type of multidimensional information that simple “yes-no” votes cannot reveal.

< <https://www.ft.com/content/4f00469c-75da-4e29-baf3-b7bec470732c> https://www.ft.com/content/4f00469c-75da-4e29-baf3-b7bec470732c>

 

uk: Guidance: NTE 2021/03: information security items update

... All items specified in Schedule 1 of the new licence must only use: standard encryption algorithms that have been approved or adopted by recognised international standards bodies (examples: 3GPP, ETSI, GSMA, IEEE, IETF, ISO, ITU, TIA)

< <https://www.gov.uk/government/publications/notice-to-exporters-202103-information-security-items-update/notice-to-exporters-202103-information-security-items-update> https://www.gov.uk/government/publications/notice-to-exporters-202103-information-security-items-update/notice-to-exporters-202103-information-security-items-update>

 

Who is leading the 5G patent race for edge computing?

... Figure 2, however, shows that most standards contributions describing edge computing have been submitted to connectivity standards such as 4G and 5G followed by local area network standards such as the IEEE 802.11 series (Wi-Fi) or the IEEE 802.24, IEEE 802.19, IEEE 802.15 series, as well as Internet Engineering Task Force standards.

< <https://www.managingip.com/article/b1rznbcc4dsk23/who-is-leading-the-5g-patent-race-for-edge-computing> https://www.managingip.com/article/b1rznbcc4dsk23/who-is-leading-the-5g-patent-race-for-edge-computing>

 

Edge DNS Secondary Implementation: Order of Operations for NS Zone and Registrar Records

... 1. While the IETF DNS spec doesn’t provide clarity on the order of operations, the nameserver responding to the query should be listed in its zone file’s NS records. Consequently, any additions to the NS record set (e.g., adding Akamai nameservers) should be established in the zone file before the registrar’s records are updated; conversely, any removals should be reflected first in the delegation records.

< <https://securityboulevard.com/2021/05/edge-dns-secondary-implementation-order-of-operations-for-ns-zone-and-registrar-records/> https://securityboulevard.com/2021/05/edge-dns-secondary-implementation-order-of-operations-for-ns-zone-and-registrar-records/>

 

Tim Berners-Lee: 'We kunnen het wereldwijde web nog fiksen' [Tim Berners-Lee: 'We can still fix the global web']

... Berners-Lee: ‘In de begindagen van informatiesystemen was er een communicatieprotocol met de naam Gopher. Het systeem werd opgezet op de campus van de universiteit van Minnesota. De interface zat goed in elkaar. Je kon er bestanden delen, er waren menu’s waar je door kon klikken.’ ‘Begin jaren negentig was Gopher de top van het internet. Maar op een bepaald moment besloten de oprichters licenties te verkopen om het systeem te gebruiken. De trafiek op de servers van Gopher begon meteen af te nemen. Het duurde niet lang of mensen van de IETF (The Internet Engineering Task Force, red.) begonnen me aan te spreken met de boodschap dat ze zo snel mogelijk van Gopher af wilden.’

< <https://www.tijd.be/app/carousel1/tim-berners-lee-de-bedenker-van-het-internet-we-kunnen-het-wereldwijde-web-nog-fiksen/10309722> https://www.tijd.be/app/carousel1/tim-berners-lee-de-bedenker-van-het-internet-we-kunnen-het-wereldwijde-web-nog-fiksen/10309722>

< <https://www.tijd.be/app/carousel1/tim-berners-lee-we-kunnen-het-wereldwijde-web-nog-fiksen/10309722.html> https://www.tijd.be/app/carousel1/tim-berners-lee-we-kunnen-het-wereldwijde-web-nog-fiksen/10309722.html>

 

“.中国”“.公司”中文顶级域名全面支持中国电信安全邮箱 [".中国" and ".公司" Chinese top-level domain names fully support China Telecom's secure mailbox ]

日前，中国互联网络信息中心（CNNIC）宣布，".中国"和".公司"中文顶级域名全面支持中国电信安全邮箱。这意味着企业及机构用户将可通过中国电信安全邮箱申请和使用全中文邮件地址。中国电信安全邮箱近日开发完成。此安全邮箱遵循国际互联网工程任务组（IETF）发布的邮件地址国际化标准，其中RFC6531核心协议等国际标准由CNNIC主导和参与制定。

< <https://beareyes.com.cn/2/lib/202105/28/20210528011.htm> https://beareyes.com.cn/2/lib/202105/28/20210528011.htm>

 

**********************

SECURITY & PRIVACY

**********************

Microsoft wants to unite APAC governments with cybersecurity council

US software vendor pulls together 15 policy makers from seven Asia-Pacific markets, including Indonesia, Singapore, and South Korea, to form a cybersecurity executive council that it hopes will exchange threat intelligence and resources in a "timely and open manner".

< <https://www.zdnet.com/article/microsoft-wants-to-unite-apac-governments-with-cybersecurity-council/> https://www.zdnet.com/article/microsoft-wants-to-unite-apac-governments-with-cybersecurity-council/>

 

Securing Internet Applications from Routing Attacks by Yixin Sun, Maria Apostolaki, Henry Birge-Lee, Laurent Vanbever, Jennifer Rexford, Mung Chiang, Prateek Mittal

The Internet is a "network of networks" that interconnects tens of thousands of separately administered networks. The Border Gateway Protocol (BGP) is the glue that holds the Internet together by propagating information about how to reach destinations in remote networks. However, BGP is notoriously vulnerable to misconfiguration and attack. The consequences range from making destinations unreachable (for example, Google's routing incident caused widespread Internet outage in Japan), to misdirecting traffic through unexpected intermediaries (for example, European mobile traffic routed through China Telecom due to improper routing announcements from a Swiss datacenter), to impersonating legitimate services (for example, traffic to an Amazon DNS server rerouted to attackers who answered DNS queries with fraudulent IP addresses). Efforts to secure the Internet routing system have been underway for many years, but the pace of progress is slow since many parties must agree on solutions and co-operate in their deployment.

< <https://cacm.acm.org/magazines/2021/6/252822-securing-internet-applications-from-routing-attacks/fulltext> https://cacm.acm.org/magazines/2021/6/252822-securing-internet-applications-from-routing-attacks/fulltext>

 

Talking Backdoors: Forcing a round peg into a square hole

In an appeal to the RIPE community Patrik Fälström, Technical Director and Head of Security at Netnod, and Stephen Farrell, Researcher at Trinity College Dublin and long time Security Area Director at the IETF, spoke out against the next wave of “not so secure encryption” proposals from the European Union. A recent Council of Ministers’ paper from the Portugese Presidency underlines once more the need for access to end-to-end encrypted communication.

< <https://www.centr.org/news/blog/ripe82-encryption.html> https://www.centr.org/news/blog/ripe82-encryption.html>

 

A broader view of security

DNS traffic encryption is all the rage, with standardisation, software and deployment advancing. But root server operators are questioning encryption for traffic going up to their servers. In a joint public statement of 31 March they declared they would not introduce encryption for the 13 root servers at this point in time. We asked the operators of root servers I and K, Lars-Johan Liman from Swedish operator Netnod and Kaveh Ranjibar from Ripe NCC, why root operators do not want to secure DNS queries by encryption.

< <https://www.centr.org/news/news/ripe82-root-security.html> https://www.centr.org/news/news/ripe82-root-security.html>

 

What is DMARC and how can it improve your email security?

The threat landscape is constantly evolving, with hackers finding new and ingenious ways to attack businesses. One constant, however, is the prevalence of email as an attack vector, ever since its rise in popularity in the 1990s.

< <https://www.itpro.co.uk/security/phishing/359702/what-is-dmarc-and-how-can-it-improve-your-email-security> https://www.itpro.co.uk/security/phishing/359702/what-is-dmarc-and-how-can-it-improve-your-email-security>

 

**********************

INTERNET OF THINGS

**********************

Power-sipping silicon takes aim at the Internet of Things

New intelligence and connectivity promise to not only reduce the power load for today's smart products, but to bring previously isolated devices into the IoT fold.

< <https://www.zdnet.com/article/power-sipping-silicon-takes-aim-at-the-internet-of-things/> https://www.zdnet.com/article/power-sipping-silicon-takes-aim-at-the-internet-of-things/>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Sophos Research Uncovers Widespread Use of TLS By Cybercriminals

Nearly half of all malware is being disseminated via Transport Layer Security, an encryption protocol, which in this instance is being used to conceal nefarious activity, says Dan Schiappa, executive VP and chief product officer for Sophos. He also discusses how Sophos's new XGS Series appliances handle TLS inspection to keep customers safe.

< <https://www.darkreading.com/attacks-breaches/sophos-research-uncovers-widespread-use-of-tls-by-cybercriminals/a/d-id/1341068> https://www.darkreading.com/attacks-breaches/sophos-research-uncovers-widespread-use-of-tls-by-cybercriminals/a/d-id/1341068>

 

Nearly a quarter of malware now communicates using TLS

... Out of all the malware that made some kind of network connection during their infection process, about 23% communicated over HTTPS, either to send or receive data from the C2, or during installation when they may use HTTPS to conceal the fact that they are retrieving malicious payloads or components.

< <https://news.sophos.com/en-us/2020/02/18/nearly-a-quarter-of-malware-now-communicates-using-tls/> https://news.sophos.com/en-us/2020/02/18/nearly-a-quarter-of-malware-now-communicates-using-tls/>

 

Quic gives the internet's data transmission foundation a needed speedup

One of the internet's foundations just got an upgrade. Quic, a protocol for transmitting data between computers, improves speed and security on the internet and can replace Transmission Control Protocol, or TCP, a standard that dates back to Ye Olde Internet of 1974. Earlier this week, the Internet Engineering Task Force, which sets many standards for the global network, published Quic as a standard.

< <https://www.cnet.com/news/quic-gives-the-internets-data-transmission-foundation-a-needed-speedup/> https://www.cnet.com/news/quic-gives-the-internets-data-transmission-foundation-a-needed-speedup/>

< <https://www.msn.com/en-us/news/technology/quic-gives-the-internet-s-data-transmission-foundation-a-needed-speedup/ar-AAKvuB4> https://www.msn.com/en-us/news/technology/quic-gives-the-internet-s-data-transmission-foundation-a-needed-speedup/ar-AAKvuB4>

 

Google’s Quic to give Internet technology foundation an upgrade

The foundation of the internet technology that we use today is old and has been due for an upgrade for a long time, guess what? It recently got one. Google has been working on a technology called ‘Quic’ which is a protocol for transmitting data between multiple computers at high speed and with improved security. Quic has the potential to replace the current standard technology- TCP or Transmission Control Protocol. TCP dates back to the year 1974 so you can imagine the boost in performance, speed and reliability after this 2021 upgrade to one of the Internet’s foundation. ... Quic stands for “Quick UDP Internet Connection” but the IETF does not recognise Quic as an acronym.

< <https://techstory.in/googles-quic-to-give-internet-technology-foundation-an-upgrade/> https://techstory.in/googles-quic-to-give-internet-technology-foundation-an-upgrade/>

 

Quic ist offizieller Internet-Standard [Quic is the official Internet standard]

Neben TCP und UDP ist nun auch Quic als Transportprotokoll für das Internet standardisiert. Das darauf aufbauende HTTP/3 soll folgen. 

< <https://www.golem.de/news/ietf-quic-ist-offizieller-internet-standard-2105-156853.html> https://www.golem.de/news/ietf-quic-ist-offizieller-internet-standard-2105-156853.html>

 

AV Linux 2021.05: Multimedia-Distribution auf MX-Basis für Kreative [AV Linux 2021.05: MX-based multimedia distribution for creatives]

... Als Arbeitsumgebung stehen wahlweise der Fenstermanager Openbox oder der runderneuerte Desktop Xfce 4.16 zur Wahl, die von neuen Softwarepaketen für den Alltag, wie dem freien Browser Mozilla Firefox 88.0.1 mit Unterstützung für QUIC und HTTP/3 sowie der Office-Suite LibreOffice 7 flankiert werden.

< <https://www.computerbase.de/2021-05/av-linux-2021.05-multimedia-distribution-auf-mx-basis-fuer-kreative/> https://www.computerbase.de/2021-05/av-linux-2021.05-multimedia-distribution-auf-mx-basis-fuer-kreative/>

 

Le protocole QUIC désormais normalisé [The quic protocol now standardised]

Le protocole de transport QUIC (couche 4 du modèle OSI) vient d’être normalisé, sous la forme de plusieurs RFC. QUIC, déjà largement déployé, peut changer pas mal de choses sur le fonctionnement de l’Internet, en remplaçant, au moins partiellement, TCP. C’est quoi, QUIC, et à quoi ça sert ?

< <https://linuxfr.org/news/le-protocole-quic-desormais-normalise> https://linuxfr.org/news/le-protocole-quic-desormais-normalise>

 

Na internete nás čaká zmena. Experimentálny sieťový protokol po rokoch konečne uznali [We are waiting for a change on the Internet. Years later, the experimental network protocol was finally recognized ]

Po 8 rokoch od ambiciózneho vyhlásenia Google, že ich vtedy nová technológia nahradí internetový protokol TCP a po mnohých rokoch ladenia a úprav to experimentálny sieťový protokol QUIC (Quick UDP Internet Connections) konečne zvládol. Začiatkom tohto týždňa ho IETF (Internet Engineering Task Force) uznala za štandard. Na tému upozornil portál CNet.

< <https://fontech.startitup.sk/spravy/na-internete-nas-caka-zmena-experimentalny-sietovy-protokol-po-rokoch-konecne-uznali/> https://fontech.startitup.sk/spravy/na-internete-nas-caka-zmena-experimentalny-sietovy-protokol-po-rokoch-konecne-uznali/>

 

... QUIC je nově RFC 9000 [QUIC is now RFC 9000]

Síťový protokol QUIC (Quick UDP Internet Connections) se po několika letech prací a ladění stává RFC 9000 (podrobnosti). O QUIC jsme psali už před 8 lety, přičemž dva a půl roku zpět bylo oznámeno, že na QUIC bude založena příští verze HTTP/3. Očekává se též brzké vydání RFC, které bude popisovat běh HTTP na QUIC, tedy samotné HTTP/3.

< <https://www.root.cz/clanky/quic-je-nove-rfc-9000-zalozena-green-software-foundation/> https://www.root.cz/clanky/quic-je-nove-rfc-9000-zalozena-green-software-foundation/>

 

QUIC je nyní RFC 9000 [QUIC is now RFC 9000]

QUIC je nyní RFC 9000 aneb po téměř pěti letech bylo vydáno RFC 9000 formálně popisující síťový protokol QUIC. Již brzy by mělo vyjít také RFC popisující HTTP/3 aneb HTTP nad protokolem QUIC.

< <https://www.abclinuxu.cz/zpravicky/quic-je-nyni-rfc-9000> https://www.abclinuxu.cz/zpravicky/quic-je-nyni-rfc-9000>

 

İnternet Hızı Yeni Quic Protokolü ile Uçuşa Geçecek [Internet Speed Will Take Flight With The New Quic Protocol ]

İnternet için Quic protokolü nedir, Quic neden önemli? Quic olarak adlandırılan protokol, TCP'ye kıyasla hem daha hızlı hem de daha güvenilir.

< <https://www.tamindir.com/haber/internet-quic-protokolu_68043/> https://www.tamindir.com/haber/internet-quic-protokolu_68043/>

 

取代TCP：工程师宣布QUIC协议已完成RFC 9000发布 [Replacing TCP: The engineer announced that the QUIC protocol has completed the RFC 9000 release]

作为传输控制协议（TCP）的继任者，快速 UDP 互联网连接（QUIC）拥有安全、可靠、低延迟等特性，并且迎合了构建更快速、更具弹性、以及更受信任的互联网的使命。工程师 Jana Iyengar 在 Fastly 网站上发布的一篇博客文章中提到，出于对这方面的热爱，他们已经在 QUIC 上投入了大量的资源和精力。

< <https://finance.sina.com.cn/tech/2021-05-29/doc-ikmyaawc8230032.shtml> https://finance.sina.com.cn/tech/2021-05-29/doc-ikmyaawc8230032.shtml>

< <https://laoyaoba.com/n/782089> https://laoyaoba.com/n/782089>

 

新しいトランスポートプロトコル「QUIC」が「RFC 9000」として標準化 New transport protocol "QUIC" standardised as "RFC 9000"]

IETFは5月28日、新しいトランスポートプロトコル「QUIC」を、標準化した技術仕様「RFC 9000」として発表した。

< <https://thinkit.co.jp/news/bn/18417> https://thinkit.co.jp/news/bn/18417>

 

高速プロトコル「QUIC」、IETFが標準として承認 [High-speed protocol "QUIC" approved by IETF as standard ]

グローバルネットワークの多くの標準を定めているインターネット技術タスクフォース（IETF）は先週、コンピューター間でデータを送信するためのプロトコルであるQUICを標準として発表した。ウェブブラウザーやオンラインサービスは何年も前からQUICを試用してきたが、IETFによる承認は、本格採用するのに十分なほど同プロトコルが成熟していることを示している。

< <https://japan.cnet.com/article/35171547/> https://japan.cnet.com/article/35171547/>

 

TCPに代わる次世代のインターネット通信プロトコル「QUIC」が正式スタート、RFC 9000の発表で [Next-generation Internet communication protocol "QUIC" to replace TCP officially started, with the announcement of RFC 9000]

インターネット技術の標準化団体であるIETFが、TCPに代わるインターネット通信プロトコルとして注目を集めているQUICの技術仕様をまとめたRFC 9000を発表しました。これにより正式に「バージョン1」へと移行することが決まったQUICの将来について、RFC 9000の作成を手がけたヤナ・アイアンガー氏が解説しています。

< <https://gigazine.net/news/20210528-quic-rfc-9000/> https://gigazine.net/news/20210528-quic-rfc-9000/>

 

โปรโตคอล QUIC นิ่งแล้ว ออกเป็นมาตรฐาน RFC9000 [The QUIC protocol is stationary and is issued as rfc9000 standard.]

โปรโตคอล QUIC เป็นกระบวนการเชื่อมต่อสำหรับเว็บที่กูเกิลเสนอมาตั้งแต่ปี 2015 เพื่อเร่งความเร็วเริ่มต้น โดยเฉพาะการเชื่อมต่อแบบเข้ารหัสที่ปกติต้องส่งข้อมูลไปมาหลายครั้งก่อนจะเชื่อมต่อได้ ที่ผ่านมาโปรโตคอลมีการปรับแต่งหลายครั้งและแต่ละเวอร์ชั่นทำงานร่วมกันไม่ได้ วันนี้ทาง IETF ก็ประกาศมาตรฐานกลาง QUIC เป็นเอกสาร RFC9000

< <https://www.blognone.com/node/122901> https://www.blognone.com/node/122901>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Nominations Open! Jonathan B. Postel Service Award 2021

Do you know someone who has made an outstanding and sustained contribution in service to the Internet community? Nominate them for this year’s Jonathan B. Postel Service Award.

< <https://www.internetsociety.org/blog/2021/05/nominations-open-jonathan-b-postel-service-award-2021/> https://www.internetsociety.org/blog/2021/05/nominations-open-jonathan-b-postel-service-award-2021/>

 

Getting Down to Basics by Neil Savage

Writing the code to make a computer perform a particular job could be a Herculean task, back in the 1950s and 60s. "In the early 1950s, people did numerical computation by writing assembly language programs," says Alfred V. Aho, professor emeritus of computer science at Columbia University. "Assembly language is a language very close to the operations of a computer, and it's a deadly way to program. It's slow, tedious, and expensive."

< <https://cacm.acm.org/magazines/2021/6/252834-getting-down-to-basics/fulltext> https://cacm.acm.org/magazines/2021/6/252834-getting-down-to-basics/fulltext>

 

Shaping the Foundations of Programming Languages by Leah Hoffmann

ACM Turing award recipients Alfred Aho and Jeffrey Ullman met serendipitously, in the registration line for Princeton University's Ph.D. program. After graduate school, both joined the newly established Computing Science Research Center at Bell Laboratories, and their friendship turned into a productive collaboration that shaped the foundations of programming language theory and implementation. Here, they talk to us about languages, compilers, and the future of CS education.

< <https://cacm.acm.org/magazines/2021/6/252827-shaping-the-foundations-of-programming-languages/fulltext> https://cacm.acm.org/magazines/2021/6/252827-shaping-the-foundations-of-programming-languages/fulltext>

 

nl: Future internet at terabit speeds: SCION in P4

As part of the 2STiC programme, we’ve been evaluating and experimenting with future internet architectures at SIDN Labs. One of the architectures that we are looking at is SCION. SCION stands for Scalability, Control and Isolation on Next-Generation Networks, and is being developed at ETH Zurich, a university in Switzerland, and its spin-off company Anapaya Systems.

< <https://www.sidnlabs.nl/en/news-and-blogs/future-internet-at-terabit-speeds-scion-in-p4> https://www.sidnlabs.nl/en/news-and-blogs/future-internet-at-terabit-speeds-scion-in-p4>

 

nl: A maturity model for modern internet standards: Setting objectives and making choices

Along with numerous other national and international organisations involved with the internet infrastructure, we have been promoting the adoption of modern internet standards for many years. The standards we have backed include DNSSEC, IPv6, SPF/DKIM/DMARC and DANE.

< <https://www.sidn.nl/en/news-and-blogs/a-maturity-model-for-modern-internet-standards> https://www.sidn.nl/en/news-and-blogs/a-maturity-model-for-modern-internet-standards>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home