[Newsclips] IETF SYN-ACK Newspack 2021-08-30

[David Goldstein <david@goldsteinreport.com>]

Hi IETF Participants,

 

Thanks today to Bron Gondwana for sending through an interview he recently was involved in on how the internet works, which I’ve included in “News From IETF Participants”. Please don’t forget to send through any news, interviews or anything else you’re involved in that’s relevant to the IETF so I can include it in the news and spread the word among the rest of the IETF community!

 

And just the usual reminder, the IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

Enjoy your week and stay safe!

David

 

**********************

IETF IN THE NEWS

**********************

A brief history of the RFC format by George Michaelson

Geoff Huston recently discussed the processes behind putting together an RFC, and the history of why they came to be, so today we’re going to explore another aspect of what makes RFCs the way they are — their plain text format.

< <https://blog.apnic.net/2021/08/26/a-brief-history-of-the-rfc-format/> https://blog.apnic.net/2021/08/26/a-brief-history-of-the-rfc-format/>

 

Call for Papers: Workshop on Analyzing IETF Data (AID)

The IAB has issued a call for papers for a Workshop on Analyzing IETF Data (AID).

< <https://www.iab.org/2021/08/25/call-for-papers-workshop-on-analyzing-ietf-data-aid/> https://www.iab.org/2021/08/25/call-for-papers-workshop-on-analyzing-ietf-data-aid/>

 

Why You Suddenly Need To Delete Google Chrome

A shocking new tracking admission from Google, one that hasn’t yet made headlines, should be a serious warning to Chrome’s 2.6 billion users. If you’re one of them, this nasty new surprise should be a genuine reason to quit. ... “Research has shown that up to 52 companies can theoretically observe up to 91% of the average user’s web browsing history,” a senior Chrome engineer told a recent Internet Engineering Task Force call, “and 600 companies can observe at least 50%.”

< <https://www.forbes.com/sites/zakdoffman/2021/08/28/stop-using-google-chrome-on-windows-10-android-and-apple-iphones-ipads-and-macs/> https://www.forbes.com/sites/zakdoffman/2021/08/28/stop-using-google-chrome-on-windows-10-android-and-apple-iphones-ipads-and-macs/>

< <https://www.bollyinside.com/news/why-do-you-need-to-remove-google-chrome-all-of-a-sudden> https://www.bollyinside.com/news/why-do-you-need-to-remove-google-chrome-all-of-a-sudden>

 

HID Global extends its HID IdenTrust Certificate Authority (CA) offering to include Timestamping-as-a-Service

... HID Global has met the Internet Engineering Task Force (IETF) standards RFC 3161 requirements for operating as a Timestamping Authority (TSA). The company is also one of the world’s pioneering CAs and providers of digital certificate products.

< <https://www.sourcesecurity.com/news/hid-global-extends-hid-identrust-certificate-co-823-ga.1629870267.html> https://www.sourcesecurity.com/news/hid-global-extends-hid-identrust-certificate-co-823-ga.1629870267.html>

 

Internet-Protokolle: Wie China IPv4 zugunsten von IPv6 ablöst [Internet protocols: How China is replacing IPv4 in favor of IPv6]

Experten werben seit Jahren für den Umstieg auf IPv6. In China macht sich die Regierung wiederholt die Argumente von Fachleuten zu eigen und boxt sie durch. ... Das bestätigen auch Xie Hongfeng, Li Cong, Ma Chenhao und Yuan Quanxin in einem Bericht des Netzbetreibers China Telekom. In dem 2020 bei der Internet Engineering Task Force erschienenen Dokument führen sie auf, dass ihr Unternehmen IPv6 erstmals 2001 getestet hat und ab 2012 Feldversuche zur Einführung in Metro-Netzen startete. Daraus hätten sich dauerhafte Angebote für 10 Millionen Nutzer entwickelt.

< <https://www.heise.de/news/Internet-Protokolle-Wie-China-IPv4-zugunsten-von-IPv6-abloest-6171126.html> https://www.heise.de/news/Internet-Protokolle-Wie-China-IPv4-zugunsten-von-IPv6-abloest-6171126.html>

 

FFV1, un format vidéo sans perte et libre, normalisé à l'IETF [FFV1, a lossless and free video format, standardized to the IETF]

Si la compression vidéo sans perte est moins tendance que celle avec perte, elle reste utile dans certains domaines (par exemple l’archivage, que ce soit pour son stockage ou sa transmission, qu’il concerne des enregistrements de procès importants pour l’histoire ou le dernier blockbuster à la mode).

< <https://linuxfr.org/news/ffv1-un-format-video-sans-perte-et-libre-normalise-a-l-ietf> https://linuxfr.org/news/ffv1-un-format-video-sans-perte-et-libre-normalise-a-l-ietf>

 

Los 30 años de las páginas web [The 30 years of web pages]

... También vale la pena mencionar el papel de Internet Society (ISOC), una organización global sin ánimo de lucro dedicada al desarrollo mundial de la red, fundada en 1992 por la Internet Engineering Task Force (IETF). La ISOC busca que la Internet sea abierta, transparente e incluyente.

< <https://www.lapatria.com/opinion/columnas/elizabeth-ramirez-correa/los-30-anos-de-las-paginas-web> https://www.lapatria.com/opinion/columnas/elizabeth-ramirez-correa/los-30-anos-de-las-paginas-web>

 

"La privacidad se convierte en un elemento estructural dentro de la publicidad digital", M. Lekaroz (IAB) ["Privacy becomes a structural element within digital advertising", M. Lekaroz (IAB)]

... Por último, Lekaroz afirma que el tercero de sus objetivos es dar respuesta al nuevo paradigma de llevar a cabo una publicidad sostenible basada en la privacidad: «La privacidad ya no es un elemento de moda, la privacidad se convierte en un elemento estructural dentro de la publicidad digital. desde la IAB estamos trabajando mucho y muy bien; apoyando a las diferentes iniciativas que hay, teniendo nuestra propia solución de identificación para tráfico no registrado que es el IETF, yo creo que estamos en una buena línea de trabajo».

< <https://www.marketingdirecto.com/especiales/reportajes-a-fondo/privacidad-convierte-elemento-estructural-dentro-publicidad-digital-lekaroz-iab> https://www.marketingdirecto.com/especiales/reportajes-a-fondo/privacidad-convierte-elemento-estructural-dentro-publicidad-digital-lekaroz-iab>

 

Las manos que controlan la Red: ¿quiénes son los dueños de Internet? [The hands that control the Internet: who are the owners of the Internet?]

... Internet Engineering Task Force (IETF): Además de la ICANN, otros organismos regulan ciertos aspectos de Internet. El Grupo de Trabajo de Ingeniería de Internet (IETF) es una organización internacional sin ánimo de lucro que se fundó en Estados Unidos, en 1986.

< <https://computerhoy.com/reportajes/tecnologia/quien-controla-internet-918177> https://computerhoy.com/reportajes/tecnologia/quien-controla-internet-918177>

 

¿Por qué de repente necesitas eliminar Google Chrome? [Why do you suddenly need to remove Google Chrome?]

... No es así, admitió Google de repente. Dijo a la IETF que “la superficie de huellas dactilares de hoy, incluso sin FLoC, es bastante fácil para identificar a los usuarios de forma única”, pero “FLoC agrega el nuevo Superficies de huellas dactilares ”. Permítanme traducir eso, tal como advirtió el lobby de la privacidad, FLoC hace que las cosas sucedan. peor, no mejor.

< <https://www.topprofes.com/por-que-de-repente-necesitas-eliminar-google-chrome/> https://www.topprofes.com/por-que-de-repente-necesitas-eliminar-google-chrome/>

 

辽将遴选约10所高校试点数字校园 [Liao will select about 10 colleges and universities to pilot digital campuses]

... IPv6是英文“Internet Protocol Version 6”（互联网协议第6版）的缩写，是互联网工程任务组（IETF）设计的用于替代IPv4的下一代IP协议，其地址数量号称可以为全世界的每一粒沙子编上一个地址。由于IPv4最大的问题在于网络地址资源不足，严重制约了互联网的应用和发展。IPv6的使用，不仅能解决网络地址资源数量的问题，而且也解决了多种接入设备连入互联网的障碍。

< <http://liaoning.lnd.com.cn/system/2021/08/26/030248917.shtml> http://liaoning.lnd.com.cn/system/2021/08/26/030248917.shtml>

 

**********************

NEWS FROM IETF PARTICIPANTS

**********************

Open Internet Standards with Bron Gondwana

Have you ever wondered how the Internet works, how it’s governed, or why some devices and services work together and others don’t? In the final episode of this season, Fastmail CEO, Bron Gondwana answers these questions and more, so you can learn how standards make the Internet better for everyone. Get a crash course about open standards, how they work, and why we need to support organizations that use them. Bron and show host Fastmail’s CTO, Ricardo Signes, talk about JMAP, an open standard for email that Fastmail’s developers produced, which is moving email forward. ... Discussion Points: ... Standards work a lot like language, they evolve and are built onto over time. Most of the standards work that Bron does is in an organization called the Internet Engineering Task Force (IETF), which has been around for the past 50 years. Many of the devices you have in your home have IETF standards built into them.

< <https://www.fastmail.com/digitalcitizen/open-internet-standards-with-bron-gondwana/> https://www.fastmail.com/digitalcitizen/open-internet-standards-with-bron-gondwana/>

 

**********************

SECURITY & PRIVACY

**********************

Biden calls on tech giants to ‘raise the bar’ on cybersecurity

US President Joe Biden urged Big Tech leaders to step up their game in enhancing the country’s cybersecurity following a series of high-profile cyber-attacks in recent months.

< <https://www.euractiv.com/section/cybersecurity/news/biden-calls-on-tech-giants-to-raise-the-bar-on-cybersecurity/> https://www.euractiv.com/section/cybersecurity/news/biden-calls-on-tech-giants-to-raise-the-bar-on-cybersecurity/>

 

Tech companies pledge billions in cybersecurity investments

Some of the country’s leading technology companies have committed to investing billions of dollars to strengthen cybersecurity defenses and to train skilled workers, the White House announced Wednesday following President Joe Biden’s private meeting with top executives.

< <https://apnews.com/article/business-apple-inc-00a31a944d465a93f1f1110a8e6d5a5c> https://apnews.com/article/business-apple-inc-00a31a944d465a93f1f1110a8e6d5a5c>

 

Why we’re committing $10 billion to advance cybersecurity

We welcomed the opportunity to participate in President Biden’s White House Cyber Security Meeting today, and appreciated the chance to share our recommendations to advance this important agenda. The meeting comes at a timely moment, as widespread cyberattacks continue to exploit vulnerabilities targeting people, organizations, and governments around the world.

< <https://blog.google/technology/safety-security/why-were-committing-10-billion-to-advance-cybersecurity/> https://blog.google/technology/safety-security/why-were-committing-10-billion-to-advance-cybersecurity/>

 

5 Items to Monitor to Detect DDoS Attacks

DDoS attacks have steadily increased over the last 18 months, despite being overshadowed by malware attacks and ransomware. ... Here are five network packet types and protocols commonly abused in DDoS attacks and guidance on how best to monitor them.

< <https://www.nextgov.com/ideas/2021/08/5-items-monitor-detect-ddos-attacks/184874/> https://www.nextgov.com/ideas/2021/08/5-items-monitor-detect-ddos-attacks/184874/>

 

Multi-Signer DNSSEC models

Increasingly, many organizations are employing multiple distinct providers to cooperatively operate their Domain Name System (DNS) service. This allows them to survive the complete and catastrophic failure of any single provider, with no downtime. If these organizations are additionally deploying DNS Security Extensions (DNSSEC — a system to verify the authenticity of DNS data), this can pose some challenges depending on the specific features in use.

< <https://blog.apnic.net/2021/08/25/multi-signer-dnssec-models/> https://blog.apnic.net/2021/08/25/multi-signer-dnssec-models/>

 

DNS Abuse Definition: Attributes of Mitigation by Graeme Bunton

A substantial amount of DNS community discussion on the topic of DNS Abuse is focused on defining what is or is not DNS Abuse. The definition adopted by ICANN contracted parties, as well as the DNS Abuse Institute, is straightforward: DNS Abuse is malware, botnets, pharming, phishing, and spam where it's a vehicle for the preceding harms. There is, of course, some fuzziness on the margins, where technical harms are also using content.

< <https://dnsabuseinstitute.org/dns-abuse-definition-attributes-of-mitigation/> https://dnsabuseinstitute.org/dns-abuse-definition-attributes-of-mitigation/>

 

What is hitting our honeypots?

In recent months, we’ve been sharing information collected by APNIC honeypots with our community at several conferences, seminars, and workshops. ‘Information’ here basically means observations from the logs/traffic, as well as artefacts collected (such as scripts and binaries). For those who are not familiar with APNIC’s Community Honeynet Project, you can check out some of the previous posts on this topic.

< <https://blog.apnic.net/2021/08/23/what-is-hitting-our-honeypots/> https://blog.apnic.net/2021/08/23/what-is-hitting-our-honeypots/>

 

Biden calls on tech giants to ‘raise the bar’ on cybersecurity

US President Joe Biden urged Big Tech leaders to step up their game in enhancing the country’s cybersecurity following a series of high-profile cyber-attacks in recent months.

< <https://www.euractiv.com/section/cybersecurity/news/biden-calls-on-tech-giants-to-raise-the-bar-on-cybersecurity/> https://www.euractiv.com/section/cybersecurity/news/biden-calls-on-tech-giants-to-raise-the-bar-on-cybersecurity/>

 

Why we’re committing $10 billion to advance cybersecurity

We welcomed the opportunity to participate in President Biden’s White House Cyber Security Meeting today, and appreciated the chance to share our recommendations to advance this important agenda. The meeting comes at a timely moment, as widespread cyberattacks continue to exploit vulnerabilities targeting people, organizations, and governments around the world.

< <https://blog.google/technology/safety-security/why-were-committing-10-billion-to-advance-cybersecurity/> https://blog.google/technology/safety-security/why-were-committing-10-billion-to-advance-cybersecurity/>

 

Experts: WH Cybersecurity Summit Should Be Followed by Regulation, Enforcement

Cataclysmic breaches and a woeful shortage of a trained cybersecurity workforce prompted the Biden Administration to haul a collection of the biggest names in business into a White House cybersecurity summit this week, to talk about what they plan to do about it. The outcome of the talks falls short of what’s needed, researchers say.

< <https://threatpost.com/wh-cybersecurity-summit-regulation-enforcement/169002/> https://threatpost.com/wh-cybersecurity-summit-regulation-enforcement/169002/>

 

Draft of ETSI Coordinated vulnerability disclosure guide available for public comments

ETSI will soon release a Guide to Coordinated Vulnerability Disclosure. Before publication, it made the draft publicly available for comments.

< <https://www.etsi.org/newsroom/news/1962-draft-of-etsi-coordinated-vulnerability-disclosure-guide-available-for-public-comments> https://www.etsi.org/newsroom/news/1962-draft-of-etsi-coordinated-vulnerability-disclosure-guide-available-for-public-comments>

 

**********************

INTERNET OF THINGS

**********************

An Internet of Things Service Roadmap

The Internet of things (IoT) is taking the world by storm, thanks to the proliferation of sensors and actuators embedded in everyday things, coupled with the wide availability of high-speed Internet and evolution of the 5th-generation (5G) networks. IoT devices are increasingly supplying information about the physical environment (for example, infrastructure, assets, homes, and cars). The advent of IoT is enabling not only the connection and integration of devices that monitor physical world phenomena (for example, temperature, pollution, energy consumption, human activities, and movement), but also data-driven and AI-augmented intelligence. At all levels, synergies from advances in IoT, data analytics, and artificial intelligence (AI) are firmly recognized as strategic priorities for digital transformation.

< <https://cacm.acm.org/magazines/2021/9/255046-an-internet-of-things-service-roadmap/fulltext> https://cacm.acm.org/magazines/2021/9/255046-an-internet-of-things-service-roadmap/fulltext>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Microsoft Embracing Native QUIC in Newer Windows OSes and Edge Browser

Microsoft this week described QUIC, an Internet transport layer protocol alternative to the venerable Transmission Control Protocol (TCP), in an announcement. ... QUIC was originally devised by Google, which defined it as "Quick UDP Internet Connections." However, the Internet Engineering Task Force uses QUIC as the name of the protocol, and doesn't consider it to be an acronym. The Internet Engineering Task Force is planning to describe QUIC's HTTP mapping as "HTTP/3," a new standard that is nearing completion. 

< <https://redmondmag.com/articles/2021/08/26/native-quic-in-windows-edge.aspx> https://redmondmag.com/articles/2021/08/26/native-quic-in-windows-edge.aspx>

 

Build verified code with F*: Microsoft Research’s new language makes code safer and more secure.

As much as we’ve abstracted and industrialized programming, under the hood it’s still math. The underlying mathematics of software drive our programming languages and our algorithms, providing tools and concepts we use to build code. ... Project Everest has been used to build parts of the HTTPS stack already, including the TLS-1.3 record layer. This is an important part of the protocol, acting as the bridge between applications and the internals of HTTPS. It manages encrypted messages and needs to be secure to ensure that the only weak point in the system is its cryptographic libraries. By implementing it in F*, Project Everest has been able to ensure that the record layer itself is secure, with the resulting miTLS code forming part of Microsoft’s implementation of the QUIC HTTP standard.

< <https://www.infoworld.com/article/3630209/build-verified-code-with-f.html> https://www.infoworld.com/article/3630209/build-verified-code-with-f.html>

 

Progress will be removing support for TLS 1.0 and 1.1 protocols 

On September 8th, 2021 Progress will be removing support for TLS 1.0 and 1.1 protocols. Progress is discontinuing the support for these protocols to ensure Progress web services are using industry standard security protocols.

< <https://www.telerik.com/blogs/progress-removing-support-tls-1.0-and-1.1-protocols> https://www.telerik.com/blogs/progress-removing-support-tls-1.0-and-1.1-protocols>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Beijing’s growing influence on internet rules

Setting technical standards for data transmission may seem like a job strictly for engineers. However, the process can be highly political, as it confers power on the standard-setters – both in gaining commercial leverage for their countries’ products and in influencing how the network is accessed and used.

< <https://www.dandc.eu/en/article/chinas-technological-clout-may-influence-internet-governance> https://www.dandc.eu/en/article/chinas-technological-clout-may-influence-internet-governance>

 

Meet McLean Residents Bob Kahn And Vint Cerf. They Invented The Internet.

The indisputable inventors of one of the greatest planet-changing instruments of all time live a few minutes apart in McLean and have lived in Northern Virginia for four decades.

< <https://northernvirginiamag.com/culture/culture-features/2021/07/23/meet-mclean-residents-bob-kahn-and-vint-cerf-they-invented-the-internet/> https://northernvirginiamag.com/culture/culture-features/2021/07/23/meet-mclean-residents-bob-kahn-and-vint-cerf-they-invented-the-internet/>

 

IAB Seeks Feedback on Candidate for ICANN NomCom; Nominations remain open

As previously announced, the IAB (on behalf of the IETF) has been asked to supply a member to the 2022 ICANN Nominating Committee (NomCom) by mid-September 2021. After extending the call for nominations, one candidate has accepted a nomination:

< <https://www.iab.org/2021/08/26/iab-seeks-feedback-on-candidate-for-icann-nomcom-nominations-remain-open/> https://www.iab.org/2021/08/26/iab-seeks-feedback-on-candidate-for-icann-nomcom-nominations-remain-open/>

 

Top Programming Languages 2021: Python dominates as the de facto platform for new technologies

Learn Python. That's the biggest takeaway we can give you from its continued dominance of IEEE Spectrum's annual interactive rankings of the top programming languages. You don't have to become a dyed-in-the-wool Pythonista, but learning the language well enough to use one of the vast number of libraries written for it is probably worth your time.

< <https://spectrum.ieee.org/top-programming-languages-2021> https://spectrum.ieee.org/top-programming-languages-2021>

 

The game theory behind running CUBIC and BBR on the Internet

In 2016, Google introduced BBR, a new congestion control algorithm that abandons the traditional loss-based approach to congestion control and instead uses RTT and bandwidth estimates to infer congestion.

< <https://blog.apnic.net/2021/08/24/the-game-theory-behind-running-cubic-and-bbr-on-the-internet/> https://blog.apnic.net/2021/08/24/the-game-theory-behind-running-cubic-and-bbr-on-the-internet/>

 

China issues draft guidelines for internet recommendation algorithms

China has issued draft guidelines on regulating the algorithms used by internet service providers to make recommendations to users, part of efforts to protect the privacy and data security of users, the internet regulator said on Friday.

< <https://www.reuters.com/technology/china-issues-draft-guidelines-internet-recommendation-algorithms-2021-08-27/> https://www.reuters.com/technology/china-issues-draft-guidelines-internet-recommendation-algorithms-2021-08-27/>

 

Beijing’s growing influence on internet rules

Setting technical standards for data transmission may seem like a job strictly for engineers. However, the process can be highly political, as it confers power on the standard-setters – both in gaining commercial leverage for their countries’ products and in influencing how the network is accessed and used.

< <https://www.dandc.eu/en/article/chinas-technological-clout-may-influence-internet-governance> https://www.dandc.eu/en/article/chinas-technological-clout-may-influence-internet-governance>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home