[Newsclips] IETF SYN-ACK Newspack 2023-10-23

David Goldstein <david@goldsteinreport.com> Mon, 23 October 2023 01:12 UTC

From: David Goldstein <david@goldsteinreport.com>
To: newsclips@ietf.org
Date: Mon, 23 Oct 2023 12:12:47 +1100
Organization: Goldstein Report
Archived-At: <https://mailarchive.ietf.org/arch/msg/newsclips/C1bdFoizYEJS8GHW6skeu27fuiE>
Subject: [Newsclips] IETF SYN-ACK Newspack 2023-10-23

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Advancements in IETF SAVNET WG: Recent Achievements and Future Endeavors

Many attack methods, such as redirection, amplification, and anonymity, exploit source IP address spoofing, making it a significant threat to Internet security. In response, network operators use source address validation (SAV) mechanisms to filter packets with spoofed source IP addresses. However, these mechanisms still grapple with validation accuracy and operational efficiency.

<https://www.manrs.org/2023/10/advancements-in-ietf-savnet-wg-recent-achievements-and-future-endeavors/>

Internet Governance in 2023 by Geoff Huston

The technology specifications that are developed by the standards bodies are certainly informed by the goals and objectives of public expectations about the technology process. For example, the public concerns over the use of digital surveillance mechanisms by US agencies, as revealed in the Snowden documents of 2013, motivated a reaction in the IETF (RFC 7258, "Pervasive Monitoring Is an Attack", May 2014) that led to the adoption of strong privacy measures in many IETF-specified protocols thereafter. At the same time, the capabilities described in these technology specifications inform the public policy conversation, not only in defining the scope of the conversation but also in illustrating feasible objectives for the public policy process.

<https://www.potaroo.net/ispcol/2023-10/igov.html>

<https://blog.apnic.net/2023/10/20/internet-governance-in-2023/>

Ignite your curiosity ahead of the Internet Engineering Taskforce's IETF 119 meeting

The IETF is a global community of technologists that play a pivotal role in developing technical standards that guide how the internet operates. auDA held a webinar with two long-time IETF participants, Bron Gondwana and Mark Nottingham, where we discussed the standardisation process, its importance to the internet’s function and how to get involved in the IETF ahead of the IETF 199 meeting in Brisbane in 2024. Here are our top five takeaways from the discussion:

<https://www.auda.org.au/blog/ignite-your-curiosity-ahead-internet-engineering-taskforces-ietf-119-meeting>

Huawei Plans to Launch Complete Net5.5G Solutions in 2024, Bringing Net5.5G to Reality [news release]

... Huawei has joined WBBA's network technology working group and is currently working with industry partners to carry out Net5.5G research. It is also participating in Net5.5G-relevant technical standardization work being conducted by IEEE and IETF, covering key areas such as Wi-Fi 7, 800GE, SRv6, and Network Digital Map.

<https://www.huawei.com/en/news/2023/10/bringing5dot5g-toreality>

L'attacco informatico da record contro i colossi del web [The record-breaking cyber attack against the giants of the web]

... Another notable aspect of the recent attack is the origin of the vulnerability. Rapid Reset is not found in any particular piece of software, but in the specification of the HTTP/2 network protocol used to load web pages. Developed by the IETF, HTTP/2 has been around for about eight years and is a faster, more efficient version of the classic HTTP internet protocol. Because it works better on mobile devices and uses less bandwidth, the protocol has been adopted extremely widely (the IETF is currently developing its successor, HTTP/3).

<https://www.wired.it/article/web-attacco-informatico-rapid-reset-google-amazon-microsoft-cloudflare/>

El protocolo de seguridad de internet tiene un fallo que tardará años en corregirse [The Internet Security Protocol Has a Flaw That Will Take Years to Fix]

... Another aspect of the situation is where the vulnerability comes from. Rapid Reset is not found in a specific piece of software, but in the specification of the HTTP/2 network protocol used to load web pages. Developed by the Internet Engineering Task Force (IETF), HTTP/2 has existed for about eight years and is the faster, more efficient successor to the classic internet protocol, HTTP. The HTTP/2 protocol works better on mobile devices and uses less bandwidth, so its adoption has spread widely. The IETF is currently developing HTTP/3.

<https://es.wired.com/articulos/protocolo-de-seguridad-de-internet-tiene-fallo-que-tardara-anos-en-corregirse>

Ijesztő rés a web védelmén: ez az új sebezhetőség évekig kísérti majd az internetezést [A scary gap in web protection: this new vulnerability will haunt the internet for years to come]

... The other side of the situation is where the vulnerability comes from. Rapid Reset is not found in a particular piece of software, but in the specification of the HTTP/2 network protocol used to load web pages. HTTP/2, developed by the IETF, has existed for about eight years and is the faster, more efficient successor to the classic internet protocol, HTTP. HTTP/2 works better on mobile and uses less bandwidth, so it has become extremely widespread. The IETF is currently working on developing HTTP/3.

<https://www.blikk.hu/ferfiaknak/tech/res-az-internet-vedelmen-uj-sebezhetoseg-evekig-kiserteni-fog/g55eh6l>

**********************

SECURITY & PRIVACY

**********************

Coordination Key to Largest RPKI Deployment

Amazon Web Services (AWS, AS16509) is the leading cloud infrastructure service provider, managing around one-third of the market share. With more than one million customers, including many Fortune 500 companies, making sure its network is secure is a constant priority.

<https://www.manrs.org/2023/10/coordination-key-to-largest-rpki-deployment/>

MANRS Observatory Updates to Provide 3.5 Times More RPKI Data

We measure many aspects of the Internet for the MANRS projects – gathering data daily from 10 different sources and generating 14 metrics across over 100k ASes from that data for the MANRS Observatory.

<https://www.manrs.org/2023/10/manrs-observatory-updates-to-provide-3-5-times-more-rpki-data/>

ICANN Seeks Input: Draft Report of the Root Zone DNSSEC Algorithm Rollover Study

ICANN opened a new Public Comment proceeding. The IANA convened a team in January 2022 to study the requirements for changing the cryptographic algorithm used for signing the DNS root zone. The resulting framework is intended to ensure that ICANN, the ICANN community, and ICANN's global partners are technically and operationally prepared for a future change in the root zone's signing algorithm. This proceeding seeks input on the draft report and recommendations of the design team to inform their final report.

<https://www.icann.org/en/announcements/details/icann-seeks-input-draft-report-of-the-root-zone-dnssec-algorithm-rollover-study-19-10-2023-en>

Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software

Technology is integrated into nearly every facet of daily life, as internet-facing systems increasingly connect us to critical systems that directly impact our economic prosperity, livelihoods, and even health, ranging from personal identity management to medical care. One example of the disadvantage of such conveniences are the global cyber breaches resulting in hospitals canceling surgeries and diverting patient care. Insecure technology and vulnerabilities in critical systems may invite malicious cyber intrusions, leading to potential safety risks.

<https://www.ic3.gov/Media/News/2023/231016-2.pdf>

us: CISA Announces Effort to Revise the National Cyber Incident Response Plan

Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced next steps for ongoing engagement with industry and government to update the National Cyber Incident Response Plan (NCIRP). As directed by the President’s 2023 National Cybersecurity Strategy, CISA, in close coordination with the Office of the National Cyber Director, is embarking on a process to gather input from public and private sector partners– including the federal interagency, Sector Risk Management Agencies (SRMAs), regulators, and critical infrastructure organizations, to identify key changes for incorporation into the updated NCIRP.

<https://www.cisa.gov/news-events/news/cisa-announces-effort-revise-national-cyber-incident-response-plan>

us: The Next Chapter of Secure by Design

Yesterday, CISA Director Jen Easterly announced the second iteration of CISA’s Secure by Design whitepaper, “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software” at the Singapore Cyber Week conference. Since releasing the first version of the whitepaper in April, we received a great deal of constructive and detailed feedback from a wide spectrum of stakeholders, including software manufacturers of all sizes, customers, non-profits, academics, U.S. and international government agencies, and individuals. Ten U.S. and international partners co-sealed the first version of the whitepaper. This version includes an incredible eight additional countries and international organizations. This scale of feedback and partnership underscores that the industry is keen to have this conversation, and that the time to shift the responsibility for security is now. We have been honored by how generous people have been with their time and expertise.

<https://www.cisa.gov/news-events/news/next-chapter-secure-design>

**********************

QUANTUM NETWORKING

**********************

Argonne to receive new funding to develop quantum networks [news release]

Quantum networks hold enormous potential for groundbreaking advances in many areas of science and technology. Once this technology matures, it is expected to be an essential component of quantum computing. It could have the equivalent impact as the internet has had on digital communication.

<https://www.anl.gov/article/argonne-to-receive-new-funding-to-develop-quantum-networks>

Accenture Invests in Aliro Quantum to Establish Secure Quantum Networks [news release]

Accenture announced a strategic investment through Accenture Ventures in Aliro Quantum, a provider of multi-purpose, end-to-end entanglement-based secure quantum networks. The investment will help Accenture and Aliro equip clients with secure quantum networks that establish safe and secure data and communications.

<https://newsroom.accenture.com/news/accenture-invests-in-aliro-quantum-to-establish-secure-quantum-networks.htm>

Colorado designated as official tech hub for quantum industry

Colorado has been designated as an official technology and innovation hub for the quantum industry, opening up tens of millions of dollars in funding and elevating the region’s profile as a leader in the field.

<https://www.denverpost.com/2023/10/20/colorado-designated-as-tech-hub-quantum-chips/>

The pros and cons of quantum networking

Quantum networking, which is based on quantum physics, offers secure, high-speed communication. Challenges of quantum networking include fragility, costs and integration.

<https://www.techtarget.com/searchnetworking/tip/The-pros-and-cons-of-quantum-networking>

**********************

OTHERWISE NOTEWORTHY

**********************

ITU wins Emmy Award for HDR-TV standard 

​​​​​​ITU has won the Engineering, Science & Technology Emmy Award for the development of a radiocommunication standard for High Dynamic Range Television (HDR-TV).

<https://www.itu.int/en/mediacentre/Pages/PR-2023-10-ITU-wins-Emmy-Award-for-HDR-TV-standard.aspx>

ITU receives Emmy Award for HDR-TV – and transforming the world of television

The International Telecommunication Union (ITU) has once again taken centre stage in the world of television technology with the third Emmy Award for the ITU Radiocommunication Sector (ITU‑R).

<https://www.itu.int/hub/2023/10/itu-receives-emmy-award-for-hdr-tv-and-transforming-the-world-of-television/>

IEEE 1012 Standard: A Roadmap for Regulating AI Programs

As the world grapples with the rapid advancement of AI technologies and their potential ethical challenges, there is a growing need for regulatory frameworks to ensure responsible development and deployment. Policymakers worldwide are engaged in debates on how to strike the right balance between addressing AI’s risks and fostering innovation. Fortunately, there is a well-established roadmap that can guide these efforts – the IEEE 1012 Standard for System, Software, and Hardware Verification and Validation. In this article, we explore how this standard can serve as a foundation for effective AI regulation.

<https://www.cryptopolitan.com/ieee-1012-standard-a-roadmap-for-regulating-ai-programs/>

<https://www.msn.com/en-us/money/other/ieee-1012-standard-a-roadmap-for-regulating-ai-programs/ar-AA1idBNs>

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home