[Newsclips] IETF SYN-ACK Newspack 2021-11-15

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

ICANN and IETF Publish Guidance on How to Use IANA Protocol Parameter Data

Today, ICANN announces that it has issued a joint statement with the IETF Trust confirming that the data in the Protocol Registries are intended to be used freely by any party for any purpose. This includes hundreds of thousands of technical data points, all of which have a common purpose of supporting the interoperability of the Internet.

< <https://www.icann.org/en/announcements/details/icann-and-ietf-publish-guidance-on-how-to-use-iana-protocol-parameter-data-10-11-2021-en> https://www.icann.org/en/announcements/details/icann-and-ietf-publish-guidance-on-how-to-use-iana-protocol-parameter-data-10-11-2021-en>

 

Compatibility within utilities metering

... These efforts have led the DLMS User Association to release the new DLMS profile over LoRaWAN in 2020, making DLMS the first Internet-based application protocol standard to be supported over LoRaWAN. This is made possible with mandatory use of the adaptation layer standardized by the IETF (RC8724 and RFC9011).

< <https://www.smart-energy.com/industry-sectors/data_analytics/compatibility-within-utilities-metering/> https://www.smart-energy.com/industry-sectors/data_analytics/compatibility-within-utilities-metering/>

 

Un nouvel internet décentralisé, ou Web 3.0, est-il possible ? [Is a new decentralized internet, or Web 3.0, possible?]

... Une poignée d’entreprises détiennent un quasi-monopole au sein de l’internet dans les domaines critiques des services (moteurs de recherche, courrier électronique, etc.), des infrastructures (transit mondial, réseaux de distribution de contenu, services de cloud computing, etc.) et même, dans une certaine mesure, de la normalisation de l’internet (IETF, ICANN/IANA, W3C, etc.). L’équation est sans précédent, et leur position est devenue quasiment inexpugnable.

< <https://www.cointribune.com/tribunes/tribune-du-droit-fiscalite/un-nouvel-internet-decentralise-ou-web-3-0-est-il-possible/> https://www.cointribune.com/tribunes/tribune-du-droit-fiscalite/un-nouvel-internet-decentralise-ou-web-3-0-est-il-possible/>

 

Blok: Facebookstoring had geen gevolgen voor bedrijfsvoering overheid [Block: Facebook outage had no consequences for government business operations]

... "Het BGP-protocol heeft in deze correct gefunctioneerd", aldus de minister, die opmerkt dat BGP wordt ontwikkeld onder de vlag van de IETF. "De doorontwikkeling van een dergelijke essentiële standaard is complex en vereist een wereldwijde consensus tussen betrokken en deskundige partijen", gaat Blok verder. "Om bij deze casus te blijven, ook Facebook neemt deel aan de IETF. Nederland staat voor het multi-stakeholder model van internet governance, waarvan de IETF een goed voorbeeld is. Het kabinet ziet naar aanleiding van deze casus geen noodzaak de werkwijze van de IETF ter discussie stellen."

< <https://www.security.nl/posting/729634/Blok%3A+Facebookstoring+had+geen+gevolgen+voor+bedrijfsvoering+overheid> https://www.security.nl/posting/729634/Blok%3A+Facebookstoring+had+geen+gevolgen+voor+bedrijfsvoering+overheid>

 

Intervju sa Vintom Serfom: Do kraja osamdesetih internet je bio akademska tema [Vint Serf interview: By the end of the 1980s, the internet was an academic topic]

Mali je broj poznavalaca informacionih tehnologija kojima ime Vint Serf (Vinton Cerf) ne zvuči poznato. Neko će ga nazvati pionirom ili ocem interneta, neko internet evanđelistom kompanije Gugl, neko će pomenuti anegdotu da je lik Arhitekte iz popularnog filma Matriks inspirisan upravo Vintom… Drugi će, pak, reći da je najpoznatiji po tome što je zajedno sa Bobom Kanom dizajnirao jedan od najvažnijih internet protokola – TCP (Transmission Control Protocol). ... Objasnio je kako su institucije važne za upravljanje internetom nastale iz potrebe, počevši od ICANN-a, IETF-a, Internet društva i drugih. Prateći hronologiju razvoja, svaka je osnivana onda kada je postojala potreba da se neki problem reši ili da se znanju i resursima pristupi na sistematičan način.

< <https://pcpress.rs/intervju-sa-vintom-serfom-do-kraja-osamdesetih-internet-je-bio-akademska-tema/> https://pcpress.rs/intervju-sa-vintom-serfom-do-kraja-osamdesetih-internet-je-bio-akademska-tema/>

 

Σε ποιον ανήκει το Internet [Who owns the Internet?]

... Υπάρχει επίσης το IANA, το IETF, το Internet Architecture Board (IAB), το Internet Research Task Force (IRTF) και το IEEE Standards Association. Καθένας από αυτούς τους οργανισμούς έχει σημαντικό ρόλο στη ρύθμιση του Διαδικτύου με τη μορφή ανάπτυξης προτύπων, άμεσης επίβλεψης ορισμένων κρίσιμων ρόλων ή διατήρησης βάσεων δεδομένων που είναι κεντρικές για τη συνεχή λειτουργία του Διαδικτύου.

< <https://iguru.gr/poion-anikei-internet/> https://iguru.gr/poion-anikei-internet/>

 

「盘中宝」下一代互联网商业应用解决方案，明确2023年底试点工作取得明显成效，该公司已在这些产品实现技术运用，助力三大运营商改造 [The "Panzhongbao" next-generation Internet business application solution has made it clear that the pilot work at the end of 2023 has achieved significant results. The company has implemented technology applications in these products to help the three major operators to transform]

... IPv6是国际标准化组织IETF（互联网工作任务组）制定的下一代互联网协议版本，能够提供充足的网络地址资源和广阔的创新空间，是全球公认的下一代互联网商业应用解决方案。工业和信息化部连续三年先后开展“IPv6网络就绪”“IPv6端到端贯通”“IPv6流量提升”等系列专项工作，取得积极进展。移动网络IPv6流量从无到有，占比达到 22.87%。

< <https://www.sohu.com/a/500590039_222256> https://www.sohu.com/a/500590039_222256>

 

財華聚焦|多部門深入推進IPv6，有哪些投資機會？[Caihua Focus | What are the investment opportunities for multiple departments to promote IPv6 in depth?]

... IPv6（互聯網協議第6版）是由互聯網工程任務組（IETF）設計用於替代IPv4的下一代IP協議，是網際協議的最新版本。IPv6的出現和普及有效緩解和解決IPv4地址枯竭問題。截至2018年1月，全球上網人數已達40.21億，IPv4僅能提供約42.9億個IP位置。雖然目前網絡地址轉換及無類别域間路由等技術可延緩網絡位置匮乏的現象，但尋找及規劃IPv4的下一代協議是解決IP地址短缺的根本性辦法。

< <https://www.finet.hk/newscenter/news_content/618e4c4e53243c63b2de5bee> https://www.finet.hk/newscenter/news_content/618e4c4e53243c63b2de5bee>

 

声网赵斌：实时音视频渗透率将超50%，万象图谱赋能全球场景创新 [Shengwang Zhao Bin: Real-time audio and video penetration rate will exceed 50%, Vientiane Atlas empowers global scene innovation]

... 个人认为，过去一年最具历史意义的是RTE行业标准的正式化。2021年1月26日，W3C和IETF同时宣布WebRTC成为正式标准。作为标志，这意味着实时音视频将被带入Web的任何地方，为WebRTC第一代技术的标准化进程划上了完美句号；同时，也意味着对下一代WebRTC技术、行业、标准进化等方面的探讨将正式提上议事日程。

< <https://www.36kr.com/p/1481303581082248> https://www.36kr.com/p/1481303581082248>

 

Как защитить бизнес в интернете от мошенников и хакеров: руководство к действию [How to protect your business on the Internet from scammers and hackers: a guide to action]

... Инсталлируйте DNSSEC – пакет расширений протокола IETF. Это уменьшит количество случаев подмены DNS.

< <https://www.seonews.ru/analytics/kak-zashchitit-biznes-v-internete-ot-moshennikov-i-khakerov-rukovodstvo-k-deystviyu/> https://www.seonews.ru/analytics/kak-zashchitit-biznes-v-internete-ot-moshennikov-i-khakerov-rukovodstvo-k-deystviyu/>

 

**********************

SECURITY & PRIVACY

**********************

RSA vs ECDSA for DNSSEC by Geoff Huston

It’s often said the good thing about technology standards is that there are just so many to pick from! The same is true, to perhaps a more limited extent, in the world of cryptography. The choices may not be quite so diverse, but there are still many crypto algorithms to choose from.

< <https://blog.apnic.net/2021/11/10/rsa-vs-ecdsa-for-dnssec/> https://blog.apnic.net/2021/11/10/rsa-vs-ecdsa-for-dnssec/>

 

ALPACA attack: Analysing and mitigating cracks in TLS authentication

If you are responsible for a web server, you already use Transport Layer Security (TLS, the ‘S’ in ‘HTTPS’) to protect your users from man-in-the-middle attackers that could otherwise passively sniff website cookies or actively inject malicious JavaScript.

< <https://blog.apnic.net/2021/11/10/alpaca-attack-analysing-and-mitigating-cracks-in-tls-authentication/> https://blog.apnic.net/2021/11/10/alpaca-attack-analysing-and-mitigating-cracks-in-tls-authentication/>

 

DNS-over-TCP considered vulnerable

IP fragmentation is a process that breaks large packets into smaller packets to allow them to more easily traverse a network. The process is common in the DNS, which is predominantly UDP based.

< <https://blog.apnic.net/2021/11/09/dns-over-tcp-considered-vulnerable/> https://blog.apnic.net/2021/11/09/dns-over-tcp-considered-vulnerable/>

 

Tabletop exercise hosted by Europol to disrupt terrorist content online

On 5 November 2021, Europol, in cooperation with the European Commission, organised a tabletop exercise to test the implementation of the EU Crisis Protocol. The exercise took place in the framework of the EU Internet Forum and examined the collaboration between government authorities and the tech industry to contain the viral spread of terrorist and violent extremist content online in the aftermath of a terrorist event. Among the tested elements was real-time communication between governments and online service providers and the interaction of processes when more than one crisis mechanism (sector/geography-specific) is initiated.

< <https://www.europol.europa.eu/newsroom/news/tabletop-exercise-hosted-europol-to-disrupt-terrorist-content-online> https://www.europol.europa.eu/newsroom/news/tabletop-exercise-hosted-europol-to-disrupt-terrorist-content-online>

 

In a quantum future, our economy needs to be protected. A cyber security expert explains why 

The privacy of online communication is currently protected by cryptography, which shields information as it travels around the internet. It secures everything from making online purchases to accessing work email remotely. With capabilities of quantum computing growing rapidly, industry experts reckon that it will take at least another 10 years before quantum computers with very large numbers of qubits are available.

< <https://www.weforum.org/agenda/2021/11/in-a-quantum-future-our-economy-needs-to-be-protected-a-cybersecurity-expert-explains-why/> https://www.weforum.org/agenda/2021/11/in-a-quantum-future-our-economy-needs-to-be-protected-a-cybersecurity-expert-explains-why/>

 

The FBI’s email system was hacked to send out fake cybersecurity warnings

Hackers targeted the Federal Bureau of Investigation’s (FBI) email servers, sending out thousands of phony messages that say its recipients have become the victims of a “sophisticated chain attack,” first reported by Bleeping Computer. The emails were initially uncovered by The Spamhaus Project, a nonprofit organization that investigates email spammers.

< <https://www.theverge.com/2021/11/14/22781341/fbi-email-system-hacked-fake-cybersecurity-warnings> https://www.theverge.com/2021/11/14/22781341/fbi-email-system-hacked-fake-cybersecurity-warnings>

 

Hackers Compromise FBI Email System to Spam Fake Cybersecurity Alerts

Tens of thousands of people received fake email alerts on Friday and Saturday purporting to come from the Federal Bureau of Investigation after hackers compromised an FBI-run online portal.

< <https://gizmodo.com/hackers-compromise-fbi-email-system-to-spam-fake-cybers-1848055664> https://gizmodo.com/hackers-compromise-fbi-email-system-to-spam-fake-cybers-1848055664>

 

Flaws in Nucleus embedded TCP/IP stack puts critical systems at risk

Security researchers have uncovered serious vulnerabilities in the TCP/IP stack of a real-time operating system (RTOS) called Nucleus that's used in safety-critical devices across many industry verticals.

< <https://www.csoonline.com/article/3640451/flaws-in-the-nucleus-embedded-tcp-ip-stack-puts-critical-systems-at-risk.html> https://www.csoonline.com/article/3640451/flaws-in-the-nucleus-embedded-tcp-ip-stack-puts-critical-systems-at-risk.html>

< <https://www.arnnet.com.au/article/693017/flaws-nucleus-embedded-tcp-ip-stack-puts-critical-systems-risk/> https://www.arnnet.com.au/article/693017/flaws-nucleus-embedded-tcp-ip-stack-puts-critical-systems-risk/>

 

The 9th edition of the ENISA Threat Landscape Report

The ENISA Threat Landscape Report (ETL) maps the cyber threat landscape to help decision-makers, policy-makers and security specialists define strategies to defend citizens, organisations and cyberspace.

< <https://digital-strategy.ec.europa.eu/en/news/9th-edition-enisa-threat-landscape-report> https://digital-strategy.ec.europa.eu/en/news/9th-edition-enisa-threat-landscape-report>

 

DDoS attacks in Q3 grow by 24%, become more sophisticated

When compared to Q3 2020, the total number of DDoS attacks increased by nearly 24%, while the total number of smart attacks (advanced DDoS attacks that are often targeted) increased by 31% when compared to the same period last year. Some of the most notable targets were tools to fight the pandemic, government organizations, game developers, and well-known cybersecurity publications.

< <https://www.kaspersky.com/about/press-releases/2021_ddos-attacks-in-q3-grow-by-24-become-more-sophisticated> https://www.kaspersky.com/about/press-releases/2021_ddos-attacks-in-q3-grow-by-24-become-more-sophisticated>

 

DDoS Attacks Shatter Records in Q3, Report Finds

The third quarter saw the sheer volume of DDoS attacks surge to several thousand hits per day, signaling a re-distribution of tactics by malicious actors away from cryptomining and toward the use of DDoS as a tool of intimidation, disinformation and straight-up extortion.

< <https://threatpost.com/ddos-attacks-records-q3/176082/> https://threatpost.com/ddos-attacks-records-q3/176082/>

 

Tabletop exercise hosted by Europol to disrupt terrorist content online

On 5 November 2021, Europol, in cooperation with the European Commission, organised a tabletop exercise to test the implementation of the EU Crisis Protocol. The exercise took place in the framework of the EU Internet Forum and examined the collaboration between government authorities and the tech industry to contain the viral spread of terrorist and violent extremist content online in the aftermath of a terrorist event. Among the tested elements was real-time communication between governments and online service providers and the interaction of processes when more than one crisis mechanism (sector/geography-specific) is initiated.

< <https://www.europol.europa.eu/newsroom/news/tabletop-exercise-hosted-europol-to-disrupt-terrorist-content-online> https://www.europol.europa.eu/newsroom/news/tabletop-exercise-hosted-europol-to-disrupt-terrorist-content-online>

 

**********************

INTERNET OF THINGS

**********************

UL Launches SafeCyber Platform to Secure IoT

The Underwriters Laboratories — the safety organization that tests and certifies appliances for electrical safety — has launched its new SafeCyber Digital Security Platform to secure connected devices.

< <https://www.darkreading.com/dr-tech/ul-launches-safecyber-platform-to-secure-iot> https://www.darkreading.com/dr-tech/ul-launches-safecyber-platform-to-secure-iot>

 

NZ pours billions into IoT - so what are we doing to secure it?

The internet of things (IoT), broadly defined, comprises devices and sensors that connect to a service or network through the internet.

< <https://futurefive.co.nz/story/nz-pours-billions-into-iot-so-what-are-we-doing-to-secure-it> https://futurefive.co.nz/story/nz-pours-billions-into-iot-so-what-are-we-doing-to-secure-it>

 

Smart cities need a back-up plan: Cities Today

Severe weather events around the world this year, including floods, wildfires, heatwaves and hurricanes, have tragically claimed lives and wreaked destruction on cities, buildings and landscapes.

< <https://www.itu.int/en/myitu/News/2021/11/08/11/26/Smart-cities-resilience-digital-services-Cities-Today> https://www.itu.int/en/myitu/News/2021/11/08/11/26/Smart-cities-resilience-digital-services-Cities-Today>

 

What is LoRaWAN and why is it taking over the Internet of Things?

Marc Pegulu, vice president of IoT product marketing and strategy for Semtech’s Wireless and Sensing Products Group, discusses how LoRaWAN is disrupting the Internet of Things

< <https://www.information-age.com/what-is-lorawan-why-is-it-taking-over-internet-of-things-123497659/> https://www.information-age.com/what-is-lorawan-why-is-it-taking-over-internet-of-things-123497659/>

 

Age Matters: How Generational Decision-Making Cohorts Affect Disruptive Technology New Product Development

Abstract: The Internet of Things (IoT), a worldwide network of interconnected objects uniquely addressable, based on standard communication protocols, has become a disruptive technology, even for decision-makers who develop products based on them. It was reported in 2015 and 2018 that decision-makers associated with the Fortune 1000 firms stated that they were hesitant to use IoT-based value propositions, primarily due to privacy and security concerns. In this article, we view decision-maker willingness to develop IoT-based products through the lens of the social construction of technology (SCOT) theory.

< <https://ieeexplore.ieee.org/document/9600003> https://ieeexplore.ieee.org/document/9600003>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Microsoft legt Version 1.0 des Reverse Proxy YARP vor [Microsoft presents version 1.0 of the reverse proxy YARP]

Auf der diesjährigen .NET Conf legt Microsoft auch die erste Hauptversion des Reverse Proxy YARP vor (Yet Another Reverse Proxy). Das auf GitHub gehostete Open-Source-Projekt baut auf .NET auf. Künftig soll es als ein wichtiger Teil des .NET-Netzwerk-Stacks sowohl Client- als auch Server-APIs unterstützen und gleichzeitig als Proxy funktionieren, der auch neuere Protokolle wie HTTP/2 oder das für HTTP/3 vorgesehene QUIC beherrscht. Laut der Ankündigung im Microsoft-Blog zeichnet sich YARP vor allem durch seine umfassende Anpassungsfähigkeit aus, die es erlaubt, den Proxy gezielt auf unterschiedlichste Anwendungsszenarien zuzuschneiden.

< <https://www.heise.de/news/Microsoft-legt-Version-1-0-des-Reverse-Proxy-YARP-vor-6263917.html> https://www.heise.de/news/Microsoft-legt-Version-1-0-des-Reverse-Proxy-YARP-vor-6263917.html>

 

Microsoft liefert .NET 6 aus [Microsoft Ships .NET 6]

... Zur Verschlüsselung bietet .NET 6 zusätzlich den symmetrischen Algorithmus ChaCha20-Poly1305 nach RFC 8439. Als plattformneutrale Alternative zu den Windows Performance Countern liefert .NET 6 nun eine Implementierung von Open Telemetry. Den kommenden HTTP/3-Standard auf Basis von QUIC liefert Microsoft als Preview-Feature mit.

< <https://www.heise.de/news/Microsoft-liefert-NET-6-aus-6261722.html> https://www.heise.de/news/Microsoft-liefert-NET-6-aus-6261722.html>

 

自动驾驶软件架构之中间件与 SOA (上）[Middleware and SOA of Autonomous Driving Software Architecture (Part 1)]

TCP与 UDP是在几十年前设计的，当时以太网速度慢、延迟长、错误率高。尤其是TCP协议很多特性都是为了在网络基础设施不理想的情况下保证可靠性。而且这几十年的协议发展速度非常的慢。SOME/IP 协议文档中虽然说了传输层基于TCP或 UDP，但实际工程上，使用其它协议也无不可。在传输层，为了解决 TCP 协议的一些问题，也发展出一些新的协议。如 SCTP 和 QUIC。

< <https://www.ednchina.com/technews/13153.html> https://www.ednchina.com/technews/13153.html>

 

**********************

OTHERWISE NOTEWORTHY

**********************

EU must agree on common standards for industry if NIS2 is to become a success.

The ITRE committee in the European Parliament on October 28th 2021 approved the provisions of the NIS2 directive. This law will introduce new rules across the 27 member states of the EU to improve the security of networks and information systems. This is a very important piece of legislation.

< <https://www.euractiv.com/section/5g/opinion/eu-must-agree-on-common-standards-for-industry-if-nis2-is-to-become-a-success/> https://www.euractiv.com/section/5g/opinion/eu-must-agree-on-common-standards-for-industry-if-nis2-is-to-become-a-success/>

 

What every IT person needs to know about OpenBSD Part 3: That packet filter

‘Functional, free and secure by default’, OpenBSD remains a crucial yet largely unacknowledged player in the open-source field.

< <https://blog.apnic.net/2021/11/11/openbsd-part-3-that-packet-filter/> https://blog.apnic.net/2021/11/11/openbsd-part-3-that-packet-filter/>

 

Notes from NANOG 83 by Geoff Huston 

The network operations community is cautiously heading back into a mode of in-person meetings and the NANOG meeting at the start of November was a hybrid affair with a mix of in-person and virtual participation, both by the presenters and the attendees. I was one of the virtual mob, and these are my notes from the presentations I found to be of personal interest. I hope you might also find them to be of interest as well.

< <https://www.potaroo.net/ispcol/2021-11/nanog83.html> https://www.potaroo.net/ispcol/2021-11/nanog83.html>

 

EU must agree on common standards for industry if NIS2 is to become a success by David Harmon, EU Huawei Cybersecurity and Privacy Director.

The ITRE committee in the European Parliament on October 28th 2021 approved the provisions of the NIS2 directive. This law will introduce new rules across the 27 member states of the EU to improve the security of networks and information systems. This is a very important piece of legislation.

< <https://www.euractiv.com/section/5g/opinion/eu-must-agree-on-common-standards-for-industry-if-nis2-is-to-become-a-success/> https://www.euractiv.com/section/5g/opinion/eu-must-agree-on-common-standards-for-industry-if-nis2-is-to-become-a-success/>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home