[Newsclips] IETF SYN-ACK Newspack 2020-06-08

David Goldstein <david@goldsteinreport.com> Mon, 08 June 2020 13:53 UTC


**********************

IETF IN THE NEWS

**********************

Huawei's proposal to replace TCP/IP is going nowhere fast

Why it matters: One reason the Internet remains a good place for freedom of expression and governments have a difficult time censoring and controlling it, is the very language that networks adhere to in order to facilitate communications between them. However, Chinese companies such as Huawei think that we need a new, "more dynamic IP addressing system," one that might also lead to a less open and free Internet. ... Others, such as the IETF have also dismissed the proposal as "harmful" and its premises as factually incorrect. The organization says there's no evidence of the "need for a monolithic 'New IP' designed from the top down."

<https://www.techspot.com/news/85504-huawei-proposal-replace-tcpip-going-nowhere-fast.html>

 

A developer’s take on IPv6 and DHCP by Tomek Mrugalski

I have been involved in Dynamic Host Configuration Protocol (DHCP) software development for 17 years. It all started in 2003 when I wrote my master’s thesis — an experimental DHCPv6 implementation for Linux. Back in the day, IPv6 was a novelty. The IETF RFC documents that defined it were a bit over four years old. Geeks experimented with it, but production deployments were almost non-existent. When I learned about IPv6, I was instantly on-board with the idea. I was thinking about the best way to help the cause and the thesis was a perfect fit. ... Another effect of the Amsterdam meeting was me getting involved in the IETF. Being a DHCP guy, it was natural for me to get into DHCP drafts. My first RFC was RFC 6334, which defined a DS-Lite option.

<https://blog.apnic.net/2020/06/01/a-developers-take-on-ipv6-and-dhcp/>

 

Cisco warns: These Nexus switches have been hit by a serious security flaw

Cisco has warned customers with Nexus switches running its NX-OS software to install updates to address a serious flaw that allows a remote attacker to bypass network access controls and route malicious internet traffic to internal networks. ... The IETF RFC 2003 specification for the IP-in-IP tunneling protocol allows for IP packets to be wrapped or encapsulated inside other IP packets, with the traffic remaining unencrypted at all times.

<https://www.zdnet.com/article/cisco-warns-these-nexus-switches-have-been-hit-by-a-serious-security-flaw/>

 

The Pro AV Power 20 rankings: 20-16

... 16: Aidan Williams, CEO, Audinate: Aidan Williams is co-founder and CEO of Audinate. While at the National ICT Australia (NICTA), he was the driving force behind the digital audio networking project that developed the fundamental audio networking technology behind Dante. Prior to joining NICTA, Aidan was at Motorola Labs in Sydney where he worked on advanced networking technologies including zero-configuration IP networking, IPv6, reliable multicast, mobile ad-hoc networking and residential gateways. He is an inventor on 20 patents related to IP networking. Williams participates in several standards bodies and industry alliances, including the IETF.

<https://www.installation-international.com/events/the-pro-av-power-20-rankings-20-16>

 

Tackling the complexities of IP-based broadcast operations

... Monitoring, Diagnostics, and Troubleshooting: The standards used at the application layer are critical to making all of this work. They include not only SMPTE ST 2110 and other standards, but also the IT standards dictated by the IETF and IEEE. While many of them have been around for a while and have become familiar, vendors making IP-based systems for broadcast can make different choices that affect interoperability at the networking level. Thus, for the broadcast engineer, it may seem that there is an issue at the application layer when in fact the problem stems from a fault in the fundamental networking infrastructure.

<https://www.tvbeurope.com/ip-migration/tackling-the-complexities-of-ip-based-broadcast-operations>

 

IoT Vulnerability Management: Adhering to the New Laws

... In addition, the use of security.txt is recommended. Security.txt defines a standard to help organizations set the process for security researchers to disclose vulnerabilities. It’s still in the early stages of development (just 1% of the companies analyzed by the IoT Security Foundation, or IoTSF, used it), but this has now been submitted for Request for Comments (RFC) review by the Internet Engineering Task Force (IETF).

<https://www.electronicdesign.com/technologies/iot/article/21132742/iot-vulnerability-management-adhering-to-the-new-laws>

 

Making Swahili visible: Identity, language and the internet

... Ideally, they are formed using characters from different scripts, such as Arabic, Chinese, or Cyrillic. These are then encoded by the Unicode standard and used as allowed by relevant IDN protocols, a set of standards defined by the Internet Architecture Board (IAB), and its subsidiary groups; the Internet Engineering Task Force (IETF) and the Internet Research Task Force (IRTF).

<https://globalvoices.org/2020/06/02/swahili-identity-language-and-the-internet/>

 

Domain Name Service: Neue Kombination DoQ in der Buchstabensuppe [DNS: New combination DoQ in alphabet soup]

There are actually already two strong methods that protect the privacy of web surfers. Now IETF developers are proposing an even better one.

<https://www.heise.de/news/Domain-Name-Service-Neue-Kombination-DoQ-in-der-Buchstabensuppe-4771964.html>

 

Tor Browser aiguille vers la version cachée d'un site [Tor Browser points to the hidden version of a site]

... This change is welcome insofar as .onion addresses - .onion being a special domain name recognized by the IETF - are not the easiest to memorize.

<https://www.generation-nt.com/tor-browser-navigateur-onion-actualite-1976862.html>

 

TLS 1.3 미들박스 구축에 대한 찬반 논란 [Controversy between pros and cons of TLS 1.3 middle box construction]

... TLS 1.3 is coming: TLS 1.3 is coming. Like it or not, RFC8446 (TLS 1.3) will become an IETF standard. Firefox and Chrome currently support TLS 1.3, and Cloudflare is also deploying TLS 1.3 to new domains. According to Qualys' SSL Pulse, as of May 2020, 30% of websites already support TLS 1.3.

<http://www.itworld.co.kr/opinion/154513#csidxc71e903448d05708112602686b3c74c>

 

**********************

INTERNET OF THINGS

**********************

The Internet of Bodies is here. This is how it could change our lives.

In the special wards of Shanghai’s Public Health Clinical Center, nurses use smart thermometers to check the temperatures of COVID-19 patients. Each person’s temperature is recorded with a sensor, reducing the risk of infection through contact, and the data is sent to an observation dashboard. An abnormal result triggers an alert to medical staff, who can then intervene promptly. The gathered data also allows medics to analyse trends over time.

<https://europeansting.com/2020/06/04/the-internet-of-bodies-is-here-this-is-how-it-could-change-our-lives/>

 

Our IoT networks are joining the 5G family: future-proofing for years to come

The Internet of Things is the massive network of connected tech you probably never see. But despite its subtle appearance, IoT is rapidly changing the way we live. We already have two complementary network layers that cater to large-scale IoT deployments: NB-IoT and LTE-M (also known as Cat-M1).

<https://exchange.telstra.com.au/our-iot-networks-are-joining-the-5g-family-future-proofing-for-years-to-come/>

 

**********************

SECURITY & PRIVACY

**********************

Q&A: The Pioneers of Web Cryptography on the Future of Authentication

Martin Hellman, Taher Elgamal, and Tom Jermoluk were instrumental in shaping how the Internet works. Now they're looking at what’s next for web security

<https://spectrum.ieee.org/tech-talk/telecom/security/pioneers-web-cryptography-future-authentication>

 

Getting ready for the next security incidents

The EU Agency for Cybersecurity publishes a new report and accompanying repository on measures and information sources to proactively detect network security incidents in the EU.

<https://www.enisa.europa.eu/news/enisa-news/getting-ready-for-the-next-security-incidents>

 

Europol and Capgemini Netherlands seek pioneering solutions to tackle cyber threats

Europol’s European Cybercrime Centre (EC3) signs a Memorandum of Understanding (MoU) with Capgemini, a global leader in consulting, technology services and digital transformation. Joint exercises, capacity building and prevention campaigns will be at the heart of this collaboration.

<https://www.europol.europa.eu/newsroom/news/europol-and-capgemini-netherlands-seek-pioneering-solutions-to-tackle-cyber-threats>

 

Dramatic Rise of Cybersecurity Risks from COVID-19 Prompts Action Plan

In a matter of weeks, the pandemic forced the global economy and society, organizations and individuals to become more reliant than ever on the internet and the digital economy. According to the Forum’s COVID-19 Risks Outlook: A Preliminary Mapping and its Implications, cyberattacks and data fraud are considered the most likely technological risks of COVID-19 for the world, and the third of greatest concern overall owing to abrupt adoption of new working patterns.

<https://www.weforum.org/press/2020/05/dramatic-rise-of-cybersecurity-risks-from-covid-19-prompts-action-plan>

 

World Leaders Call on Governments to Stop Cyberattacks Plaguing Healthcare Systems

Today, the President and the CEO of the CyberPeace Institute, Marietje Schaake and Stéphane Duguin, joined Madeleine Albright, Desmond Tutu, and Mohamed ElBaradei Among More Than Forty International Leaders Calling on All Governments to Work Together to Stop Attacks Hampering Hospitals and International Organizations Fighting COVID-19

<https://cyberpeaceinstitute.org/blog/2020-05-26-world-leaders-call-on-governments-to-stop-cyberattacks-plaguing-healthcare-systems>

 

There’s No Duty of Care without Strong Encryption

On 15 May, the Telegraph reported that The Five Eyes intelligence alliance planned to meet to explore legal options to block plans to implement end-to-end encryption on Facebook Messenger. According to the UK-based newspaper, the discussions between the governments of the United States, the United Kingdom, Australia, Canada, and New Zealand would focus on how the “duty of care,” a basic concept found in tort law, could be stretched to force online platforms to remove or refrain from implementing end-to-end encryption. (A duty of care is the legal responsibility of a person or organization to avoid any behaviors or omissions that could reasonably be foreseen to cause harm to others.)

<https://www.internetsociety.org/blog/2020/05/theres-no-duty-of-care-without-strong-encryption/>

 

Enterprise Mobile Phishing Attacks Skyrocket Amidst Pandemic

The rate of mobile phishing rose sharply between the last quarter of 2019 and the first quarter of 2020, a boost most likely due to the increased number of people working from home due to COVID-19 stay-at-home orders, new research has found.

<https://threatpost.com/enterprise-mobile-phishing-pandemic/156236/>

 

**********************

TLS

**********************

Understand SSL and How it Works | Keyfactor

Before diving into the many benefits and uses of SSL Certificates, it may be helpful to understand the underpinning technology. This article provides a brief history lesson on how Secure Socket Layer (SSL) has evolved into Transport Layer Security (TLS) and a simple explanation of how the protocol works.

<https://securityboulevard.com/2020/06/understand-ssl-and-how-it-works-keyfactor/>

 

Intelligent Chatbots – Your New Virtual Security Guardian

Chatbots are becoming ubiquitous in our lives. Many of us interact with them daily as an assistant in our homes. But many more of us communicate with them via the web, mobile applications, the telephone, text and other channels to gain access to both internal and external customer support. Indeed, 80% of companies plan to use some form of a chatbot by 2020. ... Here are security measures that will help protect your users and data. HTTPS is the standard web protocol for securing online communications. It facilitates secure communications by transferring data over Hypertext Transfer Protocol (HTTP) through a connection encrypted by Transport Layer Security (TLS) or Secure Sockets Layer (SSL). This protects privacy and integrity of data exchanged between parties.

<https://www.cpomagazine.com/cyber-security/intelligent-chatbots-your-new-virtual-security-guardian/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Internet pioneer Leonard Kleinrock on the great experiment we’re living through, and why the internet probably won’t break

Fifty years ago, Leonard Kleinrock helped create the internet. In an interview via FaceTime, he reflected on the experiment of a world living more and more inside the internet during lockdown, why the internet probably won’t break under the strain, and how young scholars can develop the next generation of connectedness.

<https://www.zdnet.com/article/exclusive-internet-pioneer-leonard-kleinrock-on-the-great-experiment-were-living-through-and-why-the-internet-probably-wont-break/>

 

Experts Reveal What China’s Proposed ‘Internet 2.0’ Means For Australia

The Cold War never truly ended. The USSR might be a thing of the past and there’s a Gucci location just off Tiananmen Square but friction between ideologically opposed global superpowers still defines international politics in the 21st century.

<https://www.dmarge.com/2020/06/new-internet-implications-australia.html>

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home