[Newsclips] IETF SYN-ACK Newspack 2022-10-31

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Cybernorms for a democratic internet: It is a mistake to frame the internet as a ‘Wild West’; it is time to demystify and de-obfuscate the role of nation states in the governance of the internet

... State actors’ presence in the internet is not widely depicted for public consumption—ostensibly because internet governance itself is rather arcane—but when they are, their behaviour is presented to us as modern iterations of old divisions. For instance, China has been increasing its strategic presence in intergovernmental spaces like the ITU and ISO (International Organisation for Standardisation) over the last 5-10 years to support its industry’s foothold in a range of frontier and cutting-edge technologies such as blockchain, machine learning-based biometric systems like facial recognition, Internet of Things (IoT), and smart cities. Most recently,  China expanded this strategy to industry-driven bodies like the Internet Engineering Taskforce (IETF) and Institute of Electrical and Electronics Engineers (IEEE). US and European foreign policy agendas have coordinated against technical proposals coming from China in the ITU, IETF, and elsewhere, from both governments and civil society. This critical analysis was presented under the headline, “The West’s Wakeup Call on Digital Tech Standards,” casting a binary approach to a critical but often misunderstood landscape that, as earlier mentioned, is formed by a myriad components, standard-makers, policymakers, technologists, and market actors.

< <https://www.orfonline.org/expert-speak/cybernorms-for-a-democratic-internet/> https://www.orfonline.org/expert-speak/cybernorms-for-a-democratic-internet/>

 

So long and thanks for all the bits: Ian Levy, the NCSC’s departing Technical Director, discusses life, the universe, and everything.

... 9. Standards are really boring, but really, really important: ... The other thing we’ve seen happen is individuals and companies making standards reflect their values in a narrow field, without much thought about what else could go wrong. Two examples here would be DNS-over-HTTPS (DOH) and the MASQUE protocols that underpin things like Apple Private Relay. Both of these were defined by the IETF, the organisation that sets the standards for the internet, which it does through humming.

< <https://www.ncsc.gov.uk/blog-post/so-long-thanks-for-all-the-bits> https://www.ncsc.gov.uk/blog-post/so-long-thanks-for-all-the-bits>

 

OARC-39: Notes on the Recent DNS Operations, Analysis, and Research Centre Workshop

... The IETF has produced standards for three distinct ways of doing this. The first is DNS over TLS (DoT) which sets up a TCP session between the client and the DNS resolver, and then starts a TLS session over that connection, and then passes queries and responses over this session.

< <https://www.potaroo.net/ispcol/2022-10/oarc39.html> https://www.potaroo.net/ispcol/2022-10/oarc39.html>

< <https://circleid.com/posts/20221025-oarc-39-notes-on-the-recent-dns-operations-analysis-and-research-centre-workshop> https://circleid.com/posts/20221025-oarc-39-notes-on-the-recent-dns-operations-analysis-and-research-centre-workshop>

 

Getting serious about the Internet and energy

Understanding the energy burdens of the modern Internet, and the implications of those burdens, was a strong theme at IETF 114 in Philadelphia. This is something we have covered a little on the APNIC Blog: I previously wrote about The potential impact of climate change on data services, and Tobias Fiebig has written 13 propositions on an Internet for a burning world.

< <https://blog.apnic.net/2022/10/27/getting-serious-about-the-internet-and-energy/> https://blog.apnic.net/2022/10/27/getting-serious-about-the-internet-and-energy/>

 

SPF, DKIM, DMARC and BIMI for Email Security

... The Brand Identifiers for Message Identification (BIMI) specification is a relative newcomer, with the IETF draft published in March 2021. This specification is an emerging security technology, that leverages SPF, DKIM and DMARC. If these three protocols successfully validate an email, then a logo is displayed in mail clients. This helps users to authenticate emails quickly and visually, whilst organisations appreciate the additional brand awareness associated with the prominent display of their brand logos in receiving users’ inboxes.

< <https://www.sentrium.co.uk/labs/spf-dkim-dmarc-and-bimi-for-email-security> https://www.sentrium.co.uk/labs/spf-dkim-dmarc-and-bimi-for-email-security>

< <https://securityboulevard.com/2022/10/spf-dkim-dmarc-and-bimi-for-email-security/> https://securityboulevard.com/2022/10/spf-dkim-dmarc-and-bimi-for-email-security/>

 

Honorary Degree recipients offer words of wisdom to Class of 2022

... Stephen Alan Emtage: ... After graduation, Emtage and Peter J. Deutsch cofounded Bunyip Information Systems, Inc., the world’s first company dedicated to Internet information services. Emtage went on to play a leading role in the evolution of Web technologies. He was a founding member of the Internet Society, a non-profit organization that promotes the development of the Internet as a global technical infrastructure, which formalized many of the standards for Web technology used today. He chaired several working groups at the IETF, including co-chairing the Uniform Resource Identifier working group, which created the standard for Uniform Resource Locators – more commonly known as URLs – the standard by which Web sites are accessed to this day. He has served on advisory panels for organizations including the National Science Foundation and the Library of Congress.

< <https://reporter.mcgill.ca/honorary-degree-recipients-offer-words-of-wisdom-to-class-of-2022/> https://reporter.mcgill.ca/honorary-degree-recipients-offer-words-of-wisdom-to-class-of-2022/>

 

Huawei’s Wang Tao outlines roadmap to drive Ultra-Broadband 5.5G

... IETF, IEEE, and other standards organizations are working together to accelerate this standardization work. With these, Net5.5G will achieve even larger bandwidth and realize flexible end-to-end SRv6 optimization by 2023. And by 2024 or 2025, IP networks will be able to sense computing power and applications, delivering more deterministic network experiences and service guarantee for more industrial scenarios. To complement these efforts, OMDIA is publishing a Net5.5G white paper at UBBF.

< <https://www.telecomlead.com/telecom-equipment/huaweis-wang-tao-outlines-roadmap-to-drive-ultra-broadband-5-5g-107307> https://www.telecomlead.com/telecom-equipment/huaweis-wang-tao-outlines-roadmap-to-drive-ultra-broadband-5-5g-107307>

 

Light + Building 2022 Show Report: Part 2 – KNX Association focus on Energy Management, the IoT and Security

... As for KNX IoT, this has completely different security. This uses security mechanisms such as SPARK2+, Oscore, oAuth2, etc, that were designed as RFCs (Request for Comments) by the IETF. Indeed, if a KNX IoT device were to eventually talk with a KNX TP device (assuming this also uses secure communication), then the gateway between KNX IoT and KNX TP would need to translate the KNX IoT security into the KNX Data security and vice versa.

< <https://www.knxtoday.com/2022/10/43965/light-building-2022-show-report-part-2-knx-association-focus-on-energy-management-the-iot-and-security.html> https://www.knxtoday.com/2022/10/43965/light-building-2022-show-report-part-2-knx-association-focus-on-energy-management-the-iot-and-security.html>

 

Quantensichere Verschlüsselungsalgorithmen: Das Post-Quanten-Zeitalter hat begonnen [Quantum-safe encryption algorithms: The post-quantum age has begun]

... Das Internet-Standarisierungsgremium IETF hat ebenfalls zwei Post-Quanten-Spezifikationen veröffentlicht: Das eXtended Merkle Signature Scheme (XMSS) wird in RFC 8391 beschrieben, während Leighton-Micali in RFC 8554 spezifiziert wird. Beide Verfahren dienen der digitalen Signatur. Eine Besonderheit dieser Algorithmen ist, dass für jede Signatur ein anderer Schlüssel zum Einsatz kommen muss – wird einer doppelt genutzt, dann entsteht eine Sicherheitslücke. Eine Implementierung muss daher eine „schwarze Liste“ der bereits verbrauchten Schlüssel führen.

< <https://www.security-insider.de/das-post-quanten-zeitalter-hat-begonnen-a-bc4f9c44e5e28a89e540ef4333bc1c2c/> https://www.security-insider.de/das-post-quanten-zeitalter-hat-begonnen-a-bc4f9c44e5e28a89e540ef4333bc1c2c/>

 

Il protocollo base per la sicurezza di Internet è vulnerabile: così si possono rubare i dati in rete [The basic protocol for Internet security is vulnerable: so you can steal data on the network]

... RPKI è stato standardizzato da IETF (RFC6480) nel 2012 dopo anni di lavoro. Il Department of Homeland Security (DHS) e il National Institute of Standards and Technology (NIST) hanno lavorato sulla sicurezza del protocollo BGP, per quasi un decennio (Durand, 2020 & NIST, 2016).

< <https://www.cybersecurity360.it/nuove-minacce/il-protocollo-base-per-la-sicurezza-di-internet-e-vulnerabile-cosi-si-possono-rubare-i-dati-in-rete/> https://www.cybersecurity360.it/nuove-minacce/il-protocollo-base-per-la-sicurezza-di-internet-e-vulnerabile-cosi-si-possono-rubare-i-dati-in-rete/>

 

Organizace IETF vydala RFC 9130, jeho spoluautorem je Ladislav Lhotka z CZ.NIC [The IETF has published RFC 9130, co-authored by Ladislav Lhotka from CZ.NIC]

Organizace IETF zveřejnila dokument RFC 9130 – YANG Data Model for the IS-IS Protocol, na němž se jako spoluautor podílel i Ladislav Lhotka z CZ.NIC. Tento dokument obsahuje poměrně rozsáhlý datový model v jazyku YANG, který umožňuje konfigurovat a spravovat směrovací protokol IS-IS ve směrovačích různých výrobců. Ladislav Lhotka se podílel také na úvodním návrhu datového modelu v návaznosti na obecný model pro IP směrování (RFC 8349).

< <https://www.root.cz/zpravicky/organizace-ietf-vydala-rfc-9130-jeho-spoluautorem-je-ladislav-lhotka-z-cz-nic/> https://www.root.cz/zpravicky/organizace-ietf-vydala-rfc-9130-jeho-spoluautorem-je-ladislav-lhotka-z-cz-nic/>

 

Organizace IETF zveřejnila dokument RFC 9130 - YANG Data Model for the IS-IS Protocol, na němž se jako spoluautor podílel i Ladislav Lhotka z CZ.NIC [The IETF has published RFC 9130 - YANG Data Model for the IS-IS Protocol, co-authored by Ladislav Lhotka from CZ.NIC]

Organizace IETF zveřejnila dokument RFC 9130 - YANG Data Model for the IS-IS Protocol, na němž se jako spoluautor podílel i Ladislav Lhotka z CZ.NIC. Tento dokument obsahuje poměrně rozsáhlý datový model v jazyku YANG, který umožňuje konfigurovat a spravovat směrovací protokol IS-IS ve směrovačích různých výrobců.

< <https://www.abclinuxu.cz/zpravicky/organizace-ietf-zverejnila-dokument-rfc-9130-yang-data-model-for-the-is-is-protocol-na-nemz-se-jako-spoluautor-podilel-i-ladislav-lhotka-z-cz.nic> https://www.abclinuxu.cz/zpravicky/organizace-ietf-zverejnila-dokument-rfc-9130-yang-data-model-for-the-is-is-protocol-na-nemz-se-jako-spoluautor-podilel-i-ladislav-lhotka-z-cz.nic>

 

环球热点！中文域名如何创建与普及？这部纪录片讲述了背后故事 [Global Hotspots! How are Chinese domain names created and popularized? This documentary tells the story behind it]

... 从研发中文域名的技术标准，到推动中文域名的应用普及，毛伟已经走过了近20年的艰辛历程。在获得国际权威组织的认可后，毛伟便与众多计算机科研专家一同投入到了中文域名技术标准的研发工作当中。在2006至2012年间，毛伟参与制定了IETF RFC4713、IETF RFC5336、ETF RFC6531等多项技术标准。2014年4月，”.网址“入根国际申请完成所有评审环节，正式写入全球互联网根域，成为新通用顶级域名的一份子。

< <http://ja.smartjx.com/cx/2022/1026/253015863.html> http://ja.smartjx.com/cx/2022/1026/253015863.html>

 

新5G规范有助于支持要求苛刻的应用 [The new 5G specification helps support demanding applications]

... 可以部署各种技术来支持5G传输网络中的新5G用例。其中包括以太网和以太网VPN等成熟技术（如先前的宽带论坛工作（如TR-350、TR-224和TR-221），以及来自宽带论坛合作伙伴（如IEEE 802、ITU-T SG15和IETF）的新兴技术。

< <http://www.qianjia.com/html/2022-10/24_395856.html> http://www.qianjia.com/html/2022-10/24_395856.html>

 

**********************

SECURITY & PRIVACY

**********************

Prepare Now for Critical Flaw in OpenSSL, Security Experts Warn

Organizations have five days to prepare for what the OpenSSL Project on Oct. 26 described as a "critical" vulnerability in versions 3.0 and above of the nearly ubiquitously used cryptographic library for encrypting communications on the Internet.

< <https://www.darkreading.com/vulnerabilities-threats/prepare-critical-flaw-openssl-security-experts-warn> https://www.darkreading.com/vulnerabilities-threats/prepare-critical-flaw-openssl-security-experts-warn>

 

Is it possible for encryption to harm cybersecurity?

The DNS is the directory of the World Wide Web, converting URLs into IP addresses in order to allow software to locate content. In addition to acting as a simple directory, some network operators use the DNS as a control mechanism to restrict access to certain content, for example using parental controls, malware filtering and other options. This applies to both ISPs offering services over public networks and enterprises running their own private corporate networks and can apply to content deemed, for example, unsuitable, illegal or malicious.

< <https://blog.apnic.net/2022/10/24/is-it-possible-for-encryption-to-harm-cybersecurity/> https://blog.apnic.net/2022/10/24/is-it-possible-for-encryption-to-harm-cybersecurity/>

 

Browser-powered desync attacks: A new frontier in HTTP request smuggling

The recent rise of HTTP request smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessible systems with a reverse proxy front-end… until now.

< <https://blog.apnic.net/2022/10/28/browser-powered-desync-attacks-a-new-frontier-in-http-request-smuggling/> https://blog.apnic.net/2022/10/28/browser-powered-desync-attacks-a-new-frontier-in-http-request-smuggling/>

 

ACC-Turbo mitigates pulse-wave DDoS attacks using programmable switches

Pulse-wave DDoS attacks have recently managed to take down critical network infrastructure causing enormous financial and reputational damage. In contrast to conventional DDoS attacks, which grow steadily and persist longer in time, pulse-wave DDoS attacks are composed of short-duration, high-rate traffic pulses.

< <https://blog.apnic.net/2022/10/26/acc-turbo-mitigates-pulse-wave-ddos-attacks-using-programmable-switches/> https://blog.apnic.net/2022/10/26/acc-turbo-mitigates-pulse-wave-ddos-attacks-using-programmable-switches/>

 

**********************

INTERNET OF THINGS

**********************

U.S. Department of Commerce Appoints Members for New Internet of Things Advisory Board

The U.S. Department of Commerce has appointed 16 experts for the new Internet of Things Advisory Board (IoTAB), to advise the Internet of Things Federal Working Group. The advisory board includes a wide range of stakeholders outside of the federal government with expertise relating to the Internet of Things (IoT).

< <https://www.hstoday.us/industry/industry-news/u-s-department-of-commerce-appoints-members-for-new-internet-of-things-advisory-board/> https://www.hstoday.us/industry/industry-news/u-s-department-of-commerce-appoints-members-for-new-internet-of-things-advisory-board/>

 

NIST Announces New Internet of Things Advisory Board

Sixteen professionals hailing from the private and public sectors will form the inaugural Internet of Things Advisory Board within the Department of Commerce, a body of experts whose job will be to advise the larger IoT Federal Working Group.

< <https://www.nextgov.com/emerging-tech/2022/10/nist-announces-new-internet-things-advisory-board/378861/> https://www.nextgov.com/emerging-tech/2022/10/nist-announces-new-internet-things-advisory-board/378861/>

 

U.S. Department of Commerce Appoints Members for New Internet of Things Advisory Board

The U.S. Department of Commerce has appointed 16 experts for the new Internet of Things Advisory Board (IoTAB), to advise the Internet of Things Federal Working Group. The advisory board includes a wide range of stakeholders outside of the federal government with expertise relating to the Internet of Things (IoT).

< <https://www.nist.gov/news-events/news/2022/10/us-department-commerce-appoints-members-new-internet-things-advisory-board> https://www.nist.gov/news-events/news/2022/10/us-department-commerce-appoints-members-new-internet-things-advisory-board>

 

Security fears raised about home devices and apps

Imagine if you had to pledge loyalty to the Chinese state just to use a bathroom mirror or a lightbulb. There is a chance you already have but did not know it.

< <https://www.rnz.co.nz/news/national/477559/security-fears-raised-about-home-devices-and-apps> https://www.rnz.co.nz/news/national/477559/security-fears-raised-about-home-devices-and-apps>

 

Creating programmable 5G systems for the Industrial IoT

In close collaboration with the operational technology company ABB, we have developed and tested a prototype of a programmable 5G system and successfully integrated it with an ABB automation system. Beyond demonstrating the advantages of using 5G to support industrial automation solutions, the ABB proof of concept highlights the importance of emerging 3GPP standards to address the expectations of industry verticals with regard to system integration. 

< <https://www.ericsson.com/en/reports-and-papers/ericsson-technology-review/articles/creating-programmable-5g-systems-for-the-industrial-iot> https://www.ericsson.com/en/reports-and-papers/ericsson-technology-review/articles/creating-programmable-5g-systems-for-the-industrial-iot>

 

Hackers increasingly targeting Internet of Things devices

In the last quarter of this year there has been a 98% rise in malware detected targeting Internet of Things devices, according to a new report by threat intelligence agency SonicWall. It comes as the number of never-before-seen malware variants also spiked, rising by 22% year-on-year.

< <https://techmonitor.ai/technology/cybersecurity/hackers-targeting-internet-of-things-devices> https://techmonitor.ai/technology/cybersecurity/hackers-targeting-internet-of-things-devices>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Using TLS for active server fingerprinting

Finding new ways to collect information about a network and limit the meta-data exposed to others is a constant struggle we see in research as this data can be used for both benign and malicious intentions. In this article, I’ll show how exposed data can even be used to identify potentially malicious servers.

< <https://blog.apnic.net/2022/10/25/using-tls-for-active-server-fingerprinting/> https://blog.apnic.net/2022/10/25/using-tls-for-active-server-fingerprinting/>

 

Reducing the acknowledgement frequency in IETF QUIC

Summary: Satellite networks usually use in-network methods (such as Performance Enhancing Proxies for TCP) to adapt the transport to the characteristics of the forward and return paths. QUIC is a transport protocol that prevents the use of in–network methods. This paper explores the use of the recently–standardised IETF QUIC protocol with a focus on the implications on performance when using different acknowledgement policies to reduce the number of packets and volume of bytes sent on the return path. Our analysis evaluates a set of ACK policies for three IETF QUIC implementations, examining performance over cellular, terrestrial and satellite networks. It shows that QUIC performance can be maintained even when sending fewer acknowledgements, and recommends a new QUIC acknowledgement policy that adapts QUIC's ACK Delay value based on the path RTT to ensure timely feedback. The resulting policy is shown to reduce the volume/rate of traffic sent on the return path and associated processing costs in endpoints, without sacrificing throughput.

< <https://onlinelibrary.wiley.com/doi/full/10.1002/sat.1466> https://onlinelibrary.wiley.com/doi/full/10.1002/sat.1466>

 

State of Solana Q3 2022

... Despite the market headwinds during Q2, Solana continued implementing solutions to expand its ecosystem and improve network reliability. To improve network reliability and reduce downtime during periods of congestion, core developers built out QUIC and a novel fee prioritization mechanism. The solutions were clearly working by the end of Q2 as degraded network performance stabilized. Additionally, the team implemented strategies to expand the ecosystem through the rollout of NFT marketplaces, progress toward EVM compatibility, advancement of Solana Pay, and Solana Mobile.

< <https://messari.io/report/state-of-solana-q3-2022> https://messari.io/report/state-of-solana-q3-2022>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Sophia Muirhead Is IEEE’s Next Executive Director: She is the organization’s current general counsel

Sophia “Sophie” Muirhead is the IEEE’s next executive director and chief operating officer. She is the first woman to hold the position. She is set to start her new job on 1 January, succeeding Stephen Welby.

< <https://spectrum.ieee.org/ieee-executive-director-sophia-muirhead> https://spectrum.ieee.org/ieee-executive-director-sophia-muirhead>

 

W3C Workshop Report: WCG and HDR for the Web

W3C is pleased to announce the report from the W3C Workshop on Wide Color Gamut and High Dynamic Range for the Web, held online in July-September 2021.

< <https://www.w3.org/blog/news/archives/9731> https://www.w3.org/blog/news/archives/9731>

 

Last Call for Review of Proposed Corrections: CSS Containment Module Level 1

The CSS Working Group has proposed corrections to the W3C Recommendation of CSS Containment Module Level 1.

< <https://www.w3.org/blog/news/archives/9727> https://www.w3.org/blog/news/archives/9727>

 

First Public Working Draft: Portable Network Graphics (PNG) Specification (Third Edition)

The PNG Working Group has published a First Public Working Draft of the Portable Network Graphics (PNG) Specification (Third Edition).

< <https://www.w3.org/blog/news/archives/9718> https://www.w3.org/blog/news/archives/9718>

 

This chip transmits an internet’s worth of data every second

A power-hungry internet that requires less electricity. High-powered computers that rival NASA’s. Broadband speeds that could boggle the mind.

< <https://www.washingtonpost.com/technology/2022/10/27/laser-powered-chip-internet-data-transfer/> https://www.washingtonpost.com/technology/2022/10/27/laser-powered-chip-internet-data-transfer/>

 

Agencies behind on IPv6 likely to attract OMB’s attention, says task force chief

Agencies that fall behind moving their networked information systems to Internet Protocol Version 6 will be more closely monitored by the likes of the Office of Management and Budget, according to the chair of the Federal IPv6 Task Force.

< <https://www.fedscoop.com/ipv6-transition-lag-omb/> https://www.fedscoop.com/ipv6-transition-lag-omb/>

 

Your network is more ready than you think for the quantum Internet

At the recent APNIC 54 conference, we sat down with local keynote speaker Alexander Ling, Director of Singapore’s Quantum Engineering Programme, in his offices at the National University of Singapore’s Centre for Quantum Technologies. In this episode, Alex will give us a brief 101 on quantum networking — given it may be a relatively new concept for many of you, even though it’s been in development for quite some time — and discuss its current and pending use cases in the next three to five years, including via satellite technology.

< <https://blog.apnic.net/2022/10/27/your-network-is-more-ready-than-you-think-for-the-quantum-internet/> https://blog.apnic.net/2022/10/27/your-network-is-more-ready-than-you-think-for-the-quantum-internet/>

 

APrIGF 2022: Inclusion of persons with disabilities in the ICT job sector

How can we in the tech community work together to create an accessible environment to train and employ more people with disability?

< <https://blog.apnic.net/2022/10/26/aprigf-2022-inclusion-of-persons-with-disabilities-in-the-ict-job-sector/> https://blog.apnic.net/2022/10/26/aprigf-2022-inclusion-of-persons-with-disabilities-in-the-ict-job-sector/>

 

RPKI secures BGP internet routing system

Last month, the Platform for Internet Standards introduced a new version of the Internet.nl test portal. On the upgraded portal, support for the RPKI security standard is now checked as part of the website and mail tests.

< <https://www.sidn.nl/en/news-and-blogs/rpki-secures-bgp-internet-routing-system> https://www.sidn.nl/en/news-and-blogs/rpki-secures-bgp-internet-routing-system>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home