[Newsclips] IETF SYN-ACK Newspack 2021-09-20

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Industry Insights: RDAP Becomes Internet Standard by Scott Hollenbeck

Earlier this year, the IETF’s Internet Engineering Steering Group (IESG) announced that several Proposed Standards related to the Registration Data Access Protocol (RDAP), including three that I co-authored, were being promoted to the prestigious designation of Internet Standard. Initially accepted as proposed standards six years ago, RFC 7480, RFC 7481, RFC 9082 and RFC 9083 now comprise the new Standard 95. RDAP allows users to access domain registration data and could one day replace its predecessor the WHOIS protocol.

< <https://blog.verisign.com/domain-names/industry-insights-rdap-becomes-internet-standard/> https://blog.verisign.com/domain-names/industry-insights-rdap-becomes-internet-standard/>

< <https://circleid.com/posts/20210916-industry-insights-rdap-becomes-internet-standard> https://circleid.com/posts/20210916-industry-insights-rdap-becomes-internet-standard>

 

Another DNS OARC meeting by Geoff Huston

These are some notes I took from the DNS OARC meeting held in September 2021. OARConline 35a was a short virtual meeting with six presentations, but for those of us needing a fix of heavy-duty DNS, it was very welcome! ... One of the weaknesses here is that the NS record is unsigned, as DNSSEC protects only the integrity of the response. It does not protect the delegation chain from root to target domain. There is a conversation in the IETF’s DNSOP Working Group to merge some combination of the DS and NS records into a signed record in the parent, protecting both the delegation and the interlocking of DNSSEC keys.

< <https://www.potaroo.net/ispcol/2021-09/oarc35a.html> https://www.potaroo.net/ispcol/2021-09/oarc35a.html>

< <https://blog.apnic.net/2021/09/14/another-dns-oarc-meeting/> https://blog.apnic.net/2021/09/14/another-dns-oarc-meeting/>

 

Overcoming the challenges of IPv4 exhaustion

... In a sense, IPv4 exhaustion results from the internet being too popular for its own good. When the IETF introduced the standard in 1981, the more than 4 billion addresses it encompassed seemed more than ample. Within a decade, though, it had become apparent that far more would be needed. IPv6, a successor specification introduced in 1998 and ratified as a standard in 2017, can accommodate virtually unlimited IP connectivity.

< <https://betanews.com/2021/09/17/overcoming-the-challenges-of-ipv4-exhaustion/> https://betanews.com/2021/09/17/overcoming-the-challenges-of-ipv4-exhaustion/>

 

WebRTC: Now Officially a W3C Standard

WebRTC is a framework for real-time communication (RTC) between browsers that requires no special plug-in to work. It is an open-source API that enables voice and video communication inside browser web pages. The WebRTC standard was first introduced in 2011 and has gained popularity over the years. As of 2016, there were 2 billion browsers that were enabled to work with WebRTC. But it hasn’t been until this year, 2021, that WebRTC was recognized as a W3C and IETF standard. 

< <https://formtek.com/blog/webrtc-now-officially-a-w3c-standard/> https://formtek.com/blog/webrtc-now-officially-a-w3c-standard/>

 

Thread vs Bluetooth: the VHS vs Betamax of IoT connections?

... Second, let’s look at who backs which protocol. Thread and Bluetooth each count respective user groups that aim to see their protocol emerge as the industry de facto. For example, The Thread Group is a not-for-profit responsible for market education of all things Thread. Meanwhile, Bluetooth is backed by the Bluetooth Special Interest Group (SIG), an organization that oversees the development of overall Bluetooth standards, as well as the IETF. Despite these two groups carrying strong reputations and industry clout, Thread Group is the more successful of the two with its sole focus and large community.

< <https://www.embedded.com/thread-vs-bluetooth-the-vhs-vs-betamax-of-iot-connections/> https://www.embedded.com/thread-vs-bluetooth-the-vhs-vs-betamax-of-iot-connections/>

 

Google, Apple and Facebook move aside — Ethereum will offer users control over their data with a new sign-in method

... According to Spruce’s announcement, the company will work with ENS and EF closely to ensure that signing in with Ethereum is compatible with current standards in the industry. “We will be working closely with the teams at EF and ENS, ensuring that development will happen in the open, ample consideration is given to existing bodies of related work (existing implementations, EIPs, OpenID, IETF, W3C, etc.), and that the final result will be friendly to implementers while remaining vendor-neutral,” the company said.

< <https://www.businessinsider.in/cryptocurrency/news/google-apple-and-facebook-may-face-competition-from-ethereum-in-the-battle-for-user-data/articleshow/86194538.cms> https://www.businessinsider.in/cryptocurrency/news/google-apple-and-facebook-may-face-competition-from-ethereum-in-the-battle-for-user-data/articleshow/86194538.cms>

< <https://www.msn.com/en-us/news/technology/google-apple-and-facebook-move-aside-e2-80-94-ethereum-is-offering-users-control-over-their-data-with-a-new-sign-in-method/ar-AAOq7tR> https://www.msn.com/en-us/news/technology/google-apple-and-facebook-move-aside-e2-80-94-ethereum-is-offering-users-control-over-their-data-with-a-new-sign-in-method/ar-AAOq7tR>

 

Q&A with ZTE’s Liu Fangfei: TSN+5G Transforms Industry

... At present, the transport network can implement hard slicing based on FlexE to generate hop-by-hop or end-to-end slicing pipes. In non-FlexE scenarios, it can also implement slicing based on reserved virtual ports. It can generate dedicated bandwidth slicing with reference to RFC7625 and IETF draft (draft-filsfils-spring-srv6-stateless-slice-id-01), and generate soft slicing based on FA, SR Policy and VPN.

< <https://developingtelecoms.com/telecom-technology/telecom-cloud-virtualization/11918-q-a-with-zte-s-liu-fangfei-tsn-5g-transforms-industry.html> https://developingtelecoms.com/telecom-technology/telecom-cloud-virtualization/11918-q-a-with-zte-s-liu-fangfei-tsn-5g-transforms-industry.html>

 

Speed at scale: Let’s Encrypt serving Shopify’s 4.5 million domains

... The speed of Let’s Encrypt helped Shopify realize their goal of provisioning certs for all of their domains and automating management. Since Let’s Encrypt uses the IETF-standardized ACME protocol, Shopify felt confident that if they needed to, they could roll over to a different ACME CA. “We knew in the future, if things went well with the ACME standard, we’d be able to add a different ACME provider with the exact same implementation,” Charles said.

< <https://letsencrypt.org/2021/09/14/speed-at-scale-shopify.html> https://letsencrypt.org/2021/09/14/speed-at-scale-shopify.html>

 

ETSI Releases Specifications for E2E Network and Service Automation

ETSI recently announced the release of three major specifications and report developed by its Zero-touch network and Service Management (ZSM) group. ... ETSI GS ZSM 003 defines an architecture blueprint and solutions for zero-touch management and orchestration of end-to-end, cross-domain network slicing – supporting both fulfilment and assurance processes. Network slicing spans different technological domains, from the User Equipment (UE) through, for example, the access network, transport network, core network, to the application. The specification leverages existing industry specifications, stitches them together and provides a federated solution. The alignment and leverage of synergies across ETSI ZSM, 3GPP, O-RAN, IETF, BBF, TMF, GSMA NEST, etc. is essential to enable the delivery of end-to-end network slicing that can satisfy the requirements from vertical industries and the demands of network operators.

< <https://www.thefastmode.com/technology-solutions/20783-etsi-releases-specifications-for-e2e-network-and-service-automation> https://www.thefastmode.com/technology-solutions/20783-etsi-releases-specifications-for-e2e-network-and-service-automation>

 

Use Email Security Tools to Protect Remote Employees and Data [news release]

... Secure/Multipurpose Internet Mail Extensions makes sure that the message is read by the intended receiver and no third party. It is end-to-end encrypted, and interception is not allowed. The IETF has called for the universal adoption of S/MIME.

< <https://www.arnnet.com.au/mediareleases/204841/use-email-security-tools-to-protect-remote/> https://www.arnnet.com.au/mediareleases/204841/use-email-security-tools-to-protect-remote/>

 

Defeating Ransomware with Multi-Factor Authentication (MFA)

... TOTP is a widely accepted, and broadly integrated algorithm with MFA based upon RFC-6238 from the IETF and is often adopted due to enhanced security features, such as a shortened passcode expiration that typically ranges from 30-90 seconds.

< <https://www.cio.com/article/3633592/defeating-ransomware-with-multi-factor-authentication-mfa.html> https://www.cio.com/article/3633592/defeating-ransomware-with-multi-factor-authentication-mfa.html>

 

No, Apple's Private Relay is not a VPN, but you can still try it out with iOS 15

When Apple announced a trio of new privacy perks for its iCloud Plus subscription service in iOS 15 at Apple's WWDC event in June, the headliner was Private Relay -- a browser-based encryption boost, aimed at the growing number of people who are turning to virtual private networks for better online privacy. Now, with iOS 15's arrival on Monday (here's how to download iOS 15), a wider swath of Apple users will be able to test drive the proxy service for themselves.

< <https://www.cnet.com/tech/services-and-software/no-apples-private-relay-is-not-a-vpn-but-you-can-still-try-it-out-with-ios-15/> https://www.cnet.com/tech/services-and-software/no-apples-private-relay-is-not-a-vpn-but-you-can-still-try-it-out-with-ios-15/>

 

Arrcus Lands Ayyar as New CEO, Softbank Investment

... Arrcus technical staff, including Patel, have been instrumental in several new patents for virtualized routing. An interesting one to look at to understand the Arrcus approach might be "Best path computation offload in a network computing environment," which can be viewed here. Patel is also active in the IETF, where he was appointed chairman of the Border Gateway Protocol (BGP) working group. BGP is a critical routing technology used in most Internet, cloud, and edge networking installations.

< <https://www.forbes.com/sites/rscottraynovich/2021/09/15/arrcus-lands-ayyar-as-new-ceo-softbank-investment/> https://www.forbes.com/sites/rscottraynovich/2021/09/15/arrcus-lands-ayyar-as-new-ceo-softbank-investment/>

 

35 ans après sa création, le « .fr » ne s'est jamais aussi bien porté (Interview) [35 years after its creation, the ".fr" has never been so good (Interview)]

... À côté de ce métier de registre, il y a aussi une partie de recherche et développement. 10% du chiffre d'affaires de l'AFNIC sont dédiés à la R&D, avec des axes majoritairement liés à mettre le DNS (les protocoles) au service d'acteurs ou industries qui ne l'utilisent pas encore, comme l'Internet des objets (IoT), ou des solutions d'identité numérique. Nous contribuons par ailleurs à la gouvernance de l'internet, notamment au sein d'organisations comme l'IETF ou le Forum mondial pour la gouvernance de l'Internet.

< <https://www.clubic.com/internet/actualite-384639-ans-apres-sa-creation-le-fr-ne-s-est-jamais-aussi-bien-porte-interview-.html> https://www.clubic.com/internet/actualite-384639-ans-apres-sa-creation-le-fr-ne-s-est-jamais-aussi-bien-porte-interview-.html>

 

Ladislav Lhotka a Petr Špaček jsou autory nového internetového standardu od IETF [Ladislav Lhotka and Petr Špaček are the authors of the new internet standard from the IETF]

Vedoucí Laboratoří CZ.NIC Ladislav Lhotka je spoluautorem dalšího internetového standardu. Mezinárodní organizace IETF schválila nový standard RFC 9108, na kterém se Lhotka podílel s Petrem Špačkem z Internet Systems Consortium.

< <https://www.lupa.cz/aktuality/ladislav-lhotka-a-petr-spacek-jsou-autory-noveho-internetoveho-standardu-od-ietf/> https://www.lupa.cz/aktuality/ladislav-lhotka-a-petr-spacek-jsou-autory-noveho-internetoveho-standardu-od-ietf/>

 

Adresse IP : guide complet sur le numéro d’identification propre à chaque appareil connecté au Web [IP Address: A complete guide to the identification number specific to each web-connected device]

... IPv6 a été développé par l’IETF et a été officialisé en 1998. Cette mise à niveau a considérablement augmenté l’espace d’adressage disponible. En outre, des modifications ont été apportées pour améliorer l’efficacité des en-têtes de paquets IP.

< <https://www.lebigdata.fr/adresse-ip-guide-complet> https://www.lebigdata.fr/adresse-ip-guide-complet>

 

ZDNS完成B轮融资，加速下一代域名系统升级 [ZDNS completes round B financing to accelerate next-generation domain name system upgrades]

... ZDNS运行着互联网关键基础设施，经工业和信息化部批复成为全球互联网域名根服务器运行机构；构建了亚洲最大的新顶级域名服务平台；拥有互联网基础资源服务领域核心技术，主导制定多项IETF国际标准，十余项国内行业标准，近百项专利；创新研发互联网基础软硬件系统，提供一站式域名系统全链路解决方案，为企业构筑安全稳定的核心业务控制枢纽，为企业数字化建设提供坚实的基础网络支撑。

< <https://www.sohu.com/a/490457614_104421> https://www.sohu.com/a/490457614_104421>

 

**********************

SECURITY & PRIVACY

**********************

The prevalence of DNS over HTTPS

Privacy-preserving DNS protocols like DNS over HTTPS (DoH), DNS over TLS (DoT), and DNS over QUIC (DoQ) have been around since 2014 but they have only recently been brought to the attention of the general public following Firefox’s announcement to make DoH a default.

< <https://blog.apnic.net/2021/09/13/the-prevalence-of-dns-over-https/> https://blog.apnic.net/2021/09/13/the-prevalence-of-dns-over-https/>

 

New MANRS Equipment Vendor Program Launched To Improve Internet Routing Security

Today, we’re announcing a new MANRS Equipment Vendor Program. Founding participants include global leaders in network equipment Arista, Cisco, Huawei, Juniper, and Nokia, with others expected to join soon.

< <https://www.internetsociety.org/blog/2021/09/new-manrs-equipment-vendor-program-launched-to-improve-internet-routing-security/> https://www.internetsociety.org/blog/2021/09/new-manrs-equipment-vendor-program-launched-to-improve-internet-routing-security/>

 

Huawei Joins MANRS to Boost Global Internet Security

Huawei became a founding member of the Equipment Vendor Program (EVP) of the Mutually Agreed Norms for Routing Security (MANRS), in an effort to actively improve global Internet security.

< <https://www.huawei.com/en/news/2021/9/huawei-manrs-boost-global-internet-security> https://www.huawei.com/en/news/2021/9/huawei-manrs-boost-global-internet-security>

 

State of Cybersecurity Posture: The Overarching Problem Is Scale

I’ve been asked to address the cybersecurity security posture of the United States. That’s simple. A few years ago I wrote, tongue in cheek, that based on my analysis the entire world economy would be consumed by cybercrime in 2025. Bye-Bye World Economy. With Solar Winds, JBS Foods, wholesale destruction of municipal and educational networks, and older but equally significant events like WannaCry and NotPetya, my prediction is far closer to the truth than I would have dreamed.

< <https://www.hstoday.us/911/state-of-cybersecurity-posture-the-overarching-problem-is-scale/> https://www.hstoday.us/911/state-of-cybersecurity-posture-the-overarching-problem-is-scale/>

 

The Role of Service Providers in Transforming Security

Cyber-attacks are increasing in severity. Cybercriminals now use the supply chain, management systems, or managed service providers to gain entry to insecure systems. Each attack can have multiple objectives depending on the threat actor, sponsoring nation, or even the target. The culture of threat actors affects the objectives and tactics, including the patience level of threat actors or the sponsoring nation. The cybercriminal may use the supply chain to target an individual organization.

< <https://www.cisecurity.org/blog/the-role-of-service-providers-in-transforming-security/> https://www.cisecurity.org/blog/the-role-of-service-providers-in-transforming-security/>

 

The 5 Ws for Building a Strong Cybersecurity Plan

Creating a cybersecurity plan is the first step in starting secure and staying secure. Consider this when planning a budget, getting support from staff, and creating company goals. Here are the five essential Ws for getting started.

< <https://www.cisecurity.org/blog/the-5-ws-for-building-a-strong-cybersecurity-plan/> https://www.cisecurity.org/blog/the-5-ws-for-building-a-strong-cybersecurity-plan/>

 

us: Virtual Events Amplify NIST’s Cybersecurity and Privacy International Engagements

For the past many months, NIST has taken advantage of the shift to online events to deepen our international engagement. NIST looked overseas as we kicked off our virtual Cybersecurity Risk Management webinar series in May, along with our co-hosts from the Center for Cybersecurity Policy and Law. The event on May 25 drew registrants from over 70 countries and we shared and heard perspectives on international cybersecurity risk management.

< <https://www.nist.gov/blogs/cybersecurity-insights/virtual-events-amplify-nists-cybersecurity-and-privacy-international> https://www.nist.gov/blogs/cybersecurity-insights/virtual-events-amplify-nists-cybersecurity-and-privacy-international>

 

Risky business or a leap of faith? A risk based approach to optimise cybersecurity certification

The European Union Agency for Cybersecurity (ENISA) launches a cybersecurity assessment methodology for cybersecurity certification of sectoral multistakeholder ICT systems.

< <https://www.enisa.europa.eu/news/enisa-news/risky-business-or-a-leap-of-faith-a-risk-based-approach-to-optimise-cybersecurity-certification> https://www.enisa.europa.eu/news/enisa-news/risky-business-or-a-leap-of-faith-a-risk-based-approach-to-optimise-cybersecurity-certification>

 

German Federal Government Cybersecurity Strategy

Last week, the German Federal Cabinet adopted a new cybersecurity strategy for the next five years. It aims to strengthen the protection and IT security of citizens, companies and critical infrastructures.

< <https://international.eco.de/news/german-federal-government-cybersecurity-strategy/> https://international.eco.de/news/german-federal-government-cybersecurity-strategy/>

 

**********************

INTERNET OF THINGS

**********************

More Safety for IoT Devices: Test Specification for ETSI EN 303 645 Published

The safety test standard ETSI EN 303 645, which was already published in mid-2021, is intended to ensure more uniformity of safety standards for IoT devices, especially on the European market. The test standard is a recommendation to manufacturers and addresses all networked consumer IoT devices, especially in the Smart Home sector.

< <https://international.eco.de/news/more-safety-for-iot-devices-test-specification-for-etsi-en-303-645-published/> https://international.eco.de/news/more-safety-for-iot-devices-test-specification-for-etsi-en-303-645-published/>

 

Internet of Things (IoT) Security Trends 2021

While work from home has generated a whole new level of security threats, the Internet of Things (IoT) promises to up the ante even further.

< <https://www.datamation.com/security/iot-security-trends/> https://www.datamation.com/security/iot-security-trends/>

 

Understanding IoT Security Challenges

IoT or Internet of Things defines the interconnection of a large number of devices present globally connected to the Internet and are collecting & exchanging their data. IoT Cloud solutions allow different objects to connect and integrate sensors to these objects to deliver digital intelligence over a Cloud platform. Digital intelligence enables these objects to carry out interactions between them without human involvement. The Internet of Things is crucial in making the modern world smarter by amalgamating digital and physical ecosystems.

< <https://www.esds.co.in/blog/understanding-iot-security-challenges/> https://www.esds.co.in/blog/understanding-iot-security-challenges/>

 

The 8 Biggest Security Threats and Challenges for IoT

In this era of technological transformation, the Internet of Things (IoT) is one of the most popular technologies. As devices and technology get smarter and more connected, the dangers and vulnerabilities they confront increase as well. The IoT has been widespread over the past decade in various sectors and many firms use IoT in order to develop smarter operations.

< <https://www.business2community.com/tech-gadgets/the-8-biggest-security-threats-and-challenges-for-iot-02431222> https://www.business2community.com/tech-gadgets/the-8-biggest-security-threats-and-challenges-for-iot-02431222>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Biognosys Enters Collaboration with Leading Life Science Company to Advance Next-generation Proteomics

... Additionally, Evotec is implementing Biognosys’ unique workflow for mass spectrometry facility management. This workflow combines Biognosys’ proprietary QuiC software with its patented indexed Retention Time (iRT) technology and iRT Kit to generate near real-time readouts from mass spectrometry instrument raw files for quality control.

< <https://biognosys.com/news/biognosys-enters-collaboration-with-leading-life-science-company-to-advance-next-generation-proteomics/> https://biognosys.com/news/biognosys-enters-collaboration-with-leading-life-science-company-to-advance-next-generation-proteomics/>

 

A2 Hosting: piano Turbo Boost, sconto 52% [A2 Hosting: Turbo Boost Plan, 52% Off]

... Altre caratteristiche che migliorano le prestazioni sono il supporto per i protocolli HTTP/3 e QUIC, Turbo Cache e varie ottimizzazioni software che riducono il tempo di caricamento delle pagine web. I principali CMS possono essere installti con un clic. L'utente può scegliere la posizione dei server in cui conservare i dati: Stati Uniti (Arizona e Michigan), Europa (Amsterdam) e Asia (Singapore).

< <https://www.punto-informatico.it/a2-hosting-piano-turbo-boost-sconto-52-percento/> https://www.punto-informatico.it/a2-hosting-piano-turbo-boost-sconto-52-percento/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Routing concepts you may have forgotten, part 3: Trust but verify BGP by George Michaelson

This post will talk about the risks inherent in this model of the routing world. They can be summarized with one key question — why believe this gossip?

< <https://blog.apnic.net/2021/09/16/part-3-trust-but-verify-bgp/> https://blog.apnic.net/2021/09/16/part-3-trust-but-verify-bgp/>

 

eu: Commission publishes study on the impact of Open Source on the European economy

The Commission has published the results of a study analysing the economic impact of Open Source Software and Hardware on the European economy.

< <https://digital-strategy.ec.europa.eu/en/news/commission-publishes-study-impact-open-source-european-economy> https://digital-strategy.ec.europa.eu/en/news/commission-publishes-study-impact-open-source-european-economy>

 

How to Embed Trust Into the Foundations of the Internet

Earlier this year, a digital artist conned unsuspecting NFT collectors to highlight a vulnerability in the way cryptographically secured assets are managed online. The anonymous artist, known by their twitter handle @neitherconfirm, sold a collection of stylized portraits as NFTs, but once sold, immediately changed the image file associated with the token to photos of rugs. And not even originals—just watermarked pictures of ugly carpets.

< <https://singularityhub.com/2021/09/19/how-to-embed-trust-into-the-foundations-of-the-internet/> https://singularityhub.com/2021/09/19/how-to-embed-trust-into-the-foundations-of-the-internet/>

 

Top 10 IPv4 to IPv6 Application Conversion Considerations for Enterprises

Nalini Elkins, Mike Ackermann, and Dhruv Dhody of INTC provide a checklist of the top 10 items enterprises should consider while converting applications to IPv6 and encourage individuals from organizations with private, managed networks to take a survey that will help pinpoint the issues many organizations are facing that will help ensure application conversion is not a roadblock to deploying IPv6.

< <https://teamarin.net/2021/09/14/top-10-ipv4-to-ipv6-application-conversion-considerations-for-enterprises/> https://teamarin.net/2021/09/14/top-10-ipv4-to-ipv6-application-conversion-considerations-for-enterprises/>

 

Internet Tech Standards Are the Next Human Rights Battleground

In the past few years, public awareness has grown about the race currently underway among states and corporations to dominate the development and deployment of new technologies. This isn’t only a race, however, to lock in the trade advantages that come with tech dominance. It is also a race to shape our societies and the values by which we live. And it is being run on many different tracks, some of them well-known by now—5G telecom networks and artificial intelligence—but others more obscure and unexpected.

< <https://www.worldpoliticsreview.com/articles/29936/internet-tech-standards-are-now-a-human-rights-issue> https://www.worldpoliticsreview.com/articles/29936/internet-tech-standards-are-now-a-human-rights-issue>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home