[Newsclips] IETF SYN-ACK Newspack 2020-06-29

David Goldstein <david@goldsteinreport.com> Mon, 29 June 2020 06:20 UTC

Thanks for being a vanguard subscriber to the IETF SYN-ACK Newspack. This week the IETF wants you to complete the SYN-ACK handshake and share your feedback.

 

We need your feedback to make it better. If you could take 2 minutes to complete the 6-question survey, it would mean a lot. Results go directly to IETF. To complete the brief survey, go to:

https://www.surveymonkey.com/r/2DYNMNC

 

Don’t forget, the IETF SYN-ACK Newspack aims to help track where, when, and how IETF-related issues are presented in a variety of news outlets and other online publications around the world.

 

**********************

IETF IN THE NEWS

**********************

A collaborative approach to encrypted traffic

... Another observation in the internet evolution is the increasing deployment of encryption, both in applications and in transport layer protocols. The use of HTTPS for web traffic is up almost 200 percent in the last three years. QUIC, a new fully encrypted transport protocol, is expected to complete IETF standardization in 2020. In November of 2019, around 10 percent of internet traffic consisted of proprietary QUIC versions from companies such as Google and Facebook. In previous blog posts, we explained how QUIC can become a vehicle for transport protocol evolution and how it’s suitable for achieving the goals of the 5G network architecture.

<https://www.ericsson.com/en/blog/2020/6/a-collaborative-approach-to-encrypted-traffic>

 

Xfinity Internet Joins Firefox’s Recursive Resolver Program, Committing to Customer Privacy Protection

... Comcast launched public beta testing of DoH in October 2019. Since then, the company has continued to improve the service and has collaborated with others in the industry via the Internet Engineering Task Force (IETF), the Encrypted DNS Deployment Initiative (EDDI), and other industry organizations around the world. This collaboration also helps to ensure that users’ security and parental control functions that depend on DNS are not disrupted in the upgrade to encryption whenever possible.

<https://corporate.comcast.com/press/releases/comcast-xfinity-internet-firefox-trusted-recursive-resolver-program-customer-privacy>

<https://blog.mozilla.org/blog/2020/06/25/comcasts-xfinity-internet-service-joins-firefoxs-trusted-recursive-resolver-program/>

 

Comcast, Mozilla strike privacy deal to encrypt DNS lookups in Firefox

... Mozilla and Comcast haven't said exactly when Comcast's encrypted DNS will be available on Firefox. Whenever it happens, the change should be automatic for users unless they've chosen a different DoH provider or disabled DoH altogether. Comcast told Ars yesterday that "Firefox users on Xfinity should automatically default to Xfinity resolvers under Mozilla's Trusted Recursive Resolver program, unless they have manually chosen a different resolver, or if DoH is disabled. The precise mechanism is still being tested and the companies plan to document it soon in an IETF Draft."

<https://arstechnica.com/tech-policy/2020/06/comcast-mozilla-strike-privacy-deal-to-encrypt-dns-lookups-in-firefox/>

 

Comcast first ISP to sign up for Mozilla's TRR program

... Comcast launched public beta testing of DoH in October. Since then, it has continued to improve the service and has collaborated with others in the industry via the Internet Engineering Task Force (IETF), the Encrypted DNS Deployment Initiative (EDDI), and other industry organizations around the world.

<https://www.fiercetelecom.com/telecom/comcast-first-isp-to-sign-up-for-mozilla-s-trr-program>

 

Comcast Turns into the First ISP To Be part of Mozilla's TRR Program

... When the change occurs, it will be automated for customers until they’ve chosen a special DoH supplier or disabled DoH altogether. Comcast informed Ars yesterday that “Firefox customers on Xfinity ought to mechanically default to Xfinity resolvers underneath Mozilla’s Trusted Recursive Resolver program, until they’ve manually chosen a special resolver, or if DoH is disabled. The exact mechanism continues to be being examined and the businesses plan to doc it quickly in an IETF [Internet Engineering Task Force] Draft.”

<https://www.editorials360.com/2020/06/26/comcast-turns-into-the-first-isp-to-be-part-of-mozillas-trr-program/>

 

A practical strategy for a common network data layer (Reader Forum)

... From a technical perspective the common requirements on standard interfaces (3GPP or IETF) are balanced today by considerations on interoperability, synchronization and consistency models, data access management, distribution, scale of access and management utilities. Specifically, the question is whether fast read/access time be matched with:

<https://www.rcrwireless.com/20200625/opinion/readerforum/practical-strategy-for-common-network-data-layer-reader-forum>

 

Differences between HTTP/1.1, HTTP/2, and HTTP/3 QUIC Protocols

... The QUIC working group was established in 2016 to standardize the protocol within the Internet Engineering Task Force (IETF) and, in October 2018, the IETF's HTTP and QUIC working groups jointly decided to name the HTTP mapping over QUIC “HTTP/3” ahead of making it a worldwide standard. The IETF converted QUIC into what is known as “IETF-QUIC (or iQUIC)”, which bases its encryption and security on TLS 1.3 instead of the custom approach used by gQUIC.

<https://www.evemilano.com/protocolli-http/>

 

Apple supports DoH/DoT encrypted DNS on iOS 14 and macOS 11

... In addition to supporting DoH/DoT, Apple also said that it is working with the IETF on designing the ESNI standard, which will make it impossible for anyone observing the traffic to tell which domain the traffic belongs to. Apple did not say whether it will start testing this in these versions.

<https://www.blognone.com/node/117192>

 

**********************

INTERNET OF THINGS

**********************

Driving innovation in fleet management through Internet of Things

The road leads to reaching the Sustainable Development Goals, but how do we drive that road? A new solution devised by Microsoft and UNDP uses the Internet of Things technology to connect vehicle fleets. Thus, country offices and field operations can pursue their mission while reducing environmental impact, saving vital funds and bolstering donor confidence, and keeping staff and host communities secure.

<https://www.undp.org/content/undp/en/home/news-centre/announcements/2020/Driving_innovation_in_fleet_management_through_Internet_of_Things.html>

 

NIST Provides Important Guidance For IOT Industry

More prevalent than ever before, Internet of Things (“IOT”) devices, a term that includes connected “smart” devices, such as internet connected TVs, wearables, smart speakers, such as the Amazon Echo and Google Home, are fast becoming a staple of how we interact with each other, and obtain and consume entertainment and information. We have previously written about California’s legislation requiring manufacturers to provide reasonable security features “appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, [and] designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.” The National Institute of Standards and Technology (“NIST”) has recently published two concurrent publications that provide exciting new guidance in this space.

<https://www.natlawreview.com/article/nist-provides-important-guidance-iot-industry>

 

IoT Device Cybersecurity Capability Core Baseline

Abstract: Device cybersecurity capabilities are cybersecurity features or functions that computing devices provide through their own technical means (i.e., device hardware and software). This publication defines an Internet of Things (IoT) device cybersecurity capability core baseline, which is a set of device capabilities generally needed to support common cybersecurity controls that protect an organization’s devices as well as device data, systems, and ecosystems. The purpose of this publication is to provide organizations a starting point to use in identifying the device cybersecurity capabilities for new IoT devices they will manufacture, integrate, or acquire.

<https://www.nist.gov/publications/iot-device-cybersecurity-capability-core-baseline>

 

Foundational Cybersecurity Activities for IoT Device Manufacturers

Abstract: Internet of Things (IoT) devices often lack device cybersecurity capabilities their customers-- organizations and individuals--can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving how securable the IoT devices they make are by providing necessary cybersecurity functionality and by providing customers with the cybersecurity-related information they need. This publication describes recommended activities related to cybersecurity that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices.

<https://www.nist.gov/publications/foundational-cybersecurity-activities-iot-device-manufacturers>

 

**********************

SECURITY & PRIVACY

**********************

The additional complications in DNS updates that secondary DNS servers add

I was recently reading Julia Evans' What happens when you update your DNS? (which is a great clear explanation of what it says), and it brought back some painful memories of the old days (which are still the current days for some people), which I might as well share.

<https://utcc.utoronto.ca/~cks/space/blog/sysadmin/DNSUpdatesAndSecondaries?showcomments>

 

How the pandemic affected DDoS attack patterns, global internet traffic

There has been a shift in internet traffic patterns coinciding with an increase in DDoS and other types of network attacks in recent months as organizations across industries quickly transitioned to remote workforces and individuals under stay-at-home orders began relying on the internet more heavily, according to Neustar.

<https://www.helpnetsecurity.com/2020/06/19/internet-traffic-patterns-ddos/>

 

Cybercrime Infrastructure Never Really Dies

Despite the takedown of the "CyberBunker" threat operators in 2019, command-and-control traffic continues to report back to the defunct network address space.

<https://www.darkreading.com/attacks-breaches/cybercrime-infrastructure-never-really-dies/d/d-id/1338154>

 

Long-Term Effects of COVID-19 on the Cybersecurity Industry

Experts have written much in the last couple of months about COVID-19 and its impact on cybersecurity. From ensuring colleagues can work from home securely to defending geopolitically fueled cyber exchanges, dealing with COVID-19 has dominated the consciousness of the cybersecurity industry.

<https://www.darkreading.com/vulnerabilities---threats/long-term-effects-of-covid-19-on-the-cybersecurity-industry-/a/d-id/1338080>

 

Marking the 30th Anniversary of the Internet and Cybersecurity Treaty by Anthony Rutkowski

Next week on 1 July 2020 marks the 30th anniversary of one of the most significant treaty instruments in modern times. On 1 July 1990, the Melbourne Treaty came into force as the first and only global treaty that enabled worldwide internets and mobile networks to exist, together with the cybersecurity provisions designed to protect those infrastructures. The achievement remains as an enduring tribute to Richard Edmund Butler of Australia who was one of the most influential, and best-loved Secretaries-General of the ITU.

<http://www.circleid.com/posts/20200622-marking-30th-anniversary-of-the-internet-and-cybersecurity-treaty/>

 

Why 83% of Large Companies Are Vulnerable to This Basic Domain Hack

A recent study shows that companies can't defend against potentially catastrophic domain name hijacks.

<https://www.inc.com/adam-levin/why-83-of-large-companies-are-vulnerable-to-this-basic-domain-hack.html>

 

Largest Ever Recorded Packet Per Second-Based DDoS Attack Mitigated by Akamai

On June 21, 2020, Akamai mitigated the largest packet per second (PPS) DDoS attack ever recorded on the Akamai platform. The attack generated 809 million packets per second (Mpps), targeting a large European bank.

<https://blogs.akamai.com/2020/06/largest-ever-recorded-packet-per-secondbased-ddos-attack-mitigated-by-akamai.html>

 

Imbalancing Act: Shift in Consumer Behaviour Spotlights Growing Cybersecurity Concerns, World Economic Forum Says

The rapid increase in cyberattacks and pressures escalating from the abrupt step change to digital prompted by COVID-19 have shifted consumer behaviour. The findings of a new report released today by the World Economic Forum Platform for Cybersecurity and Digital Trust emphasize the vital role of cybersecurity in technological development and point to how companies can significantly reduce cyber risk – a necessity today, not a nice to have.

<https://www.weforum.org/press/2020/06/imbalancing-act-shift-in-consumer-behaviour-spotlights-growing-cybersecurity-concerns-world-economic-forum-says>

 

EU Cybersecurity: A newly-formed stakeholders group will work on the cybersecurity certification framework

The Commission and the European Agency for Cybersecurity (ENISA) announced today the creation of the Stakeholders Cybersecurity Certification Group (SCCG), which will advise them on strategic issues regarding cybersecurity certification, while at the same time it will assist the Commission in the preparation of the Union rolling work programme.

<https://www.enisa.europa.eu/news/enisa-news/first-meeting-of-the-stakeholders-cybersecurity-certification-group-sccg>

<https://ec.europa.eu/digital-single-market/en/news/eu-cybersecurity-newly-formed-stakeholders-group-will-work-cybersecurity-certification>

 

The EU Cybersecurity Act’s first anniversary: one step closer to a cyber secure Europe

On 27 June 2020, the European Union Agency for Cybersecurity (ENISA) celebrates the first anniversary of the EU Cybersecurity Act (CSA) and its strengthened role towards securing Europe’s information society. The CSA gave the Agency a permanent mandate, a new list of tasks and increased resources, and also established the EU cybersecurity certification framework.

<https://www.enisa.europa.eu/news/enisa-news/the-eu-cybersecurity-act2019s-first-anniversary-one-step-closer-to-a-cyber-secure-europe>

 

The Age of Quantum Computing Has Arrived

... In theory, quantum computing would help solve equations and create simulations that are beyond the reach of even the most powerful supercomputer. This would allow for far more accurate real-world modeling, generating significant advances in medical research, weather forecasting, particle physics, and AI, among others. The transformative potential exists for many fields, but, without question, quantum computing’s most destabilizing potential is in the field of cybersecurity.

<https://www.missioncriticalmagazine.com/articles/93066-the-age-of-quantum-computing-has-arrived>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Apple’s Safari Adds Support for HTTP3 in iOS 14 and macOS 11

... HTTP/3 is the next version of the Hypertext Transfer Protocol and in “layman’s terms” can be described as: HTTP/3 is the third version of the Hypertext Transfer Protocol (HTTP), previously known as HTTP-over-QUIC. QUIC (Quick UDP Internet Connections) was initially developed by Google and is the successor of HTTP/2. Companies such as Google and Facebook have already been using QUIC to speed up the web.

<https://www.iphoneincanada.ca/news/apple-safari-http3-ios-14/>

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home