[Newsclips] IETF SYN-ACK Newspack 2021-01-22

David Goldstein <david@goldsteinreport.com> Mon, 11 January 2021 04:41 UTC

The IETF SYNACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

CENTR publishes its Report on IETF109

Over the last few weeks we have published a series of blogposts covering the IETF109 meeting, which we have brought together into one final report, together with two additional updates from the meeting. This report can be found here.

<https://www.centr.org/news/news/centr-publishes-its-report-on-ietf109.html>

Choosing the right encrypted DNS resolvers: who discovers the options?

The Adaptive DNS Discovery (ADD) working group (WG) at the IETF has been trying to catch up with the deployment of encrypted DNS and met six times last year. Its goal is to provide standardised means of discovering which encrypted options are available to various network users, and a means for those same users to select the option most appropriate for their intended use. The work entails manoeuvering between technical tasks and policy choices that other WGs, such as the DNS Operations (DNSOP) WG were reluctant to pick up.

<https://www.centr.org/news/blog/ietf09-encrypted-dns-resolvers.html>

IAB Seeks Feedback on Candidates for the IETF appointment to the ISOC Board of Trustees

In 2021, the IAB is responsible for selecting two individuals to serve 3-year terms on the ISOC Board of Trustees. The procedure is described in RFC 3677. The candidates who accepted nominations are:

<https://www.iab.org/2021/01/06/iab-seeks-feedback-on-candidates-for-the-ietf-appointment-to-the-isoc-board-of-trustees-6/>

Firefox Improves Privacy Protections With Encrypted Client Hello

... While working with Cloudflare to have the ECH specification standardized at the IETF, Mozilla is also moving forth with implementing the feature in its browser. Thus, Firefox 85 will switch from ESNI to ECH draft-08, but users should expect an update to draft-09 soon.

<https://www.securityweek.com/firefox-improves-privacy-protections-encrypted-client-hello>

Encrypted Client Hello: Upcoming Firefox 85 rollout builds momentum for ESNI successor

... Mozilla is working with Cloudflare, an earlier adopter of the technology, and others on standardizing the Encrypted Client Hello specification at the IETF.

<https://portswigger.net/daily-swig/encrypted-client-hello-upcoming-firefox-85-rollout-builds-momentum-for-esni-successor>

Secure Chorus transfers interoperability standards to ETSI

... MIKEY-SAKKE is a cryptographic protocol created to be deployed in an enterprise environment to enable secure, cross-platform multimedia communications. It is designed to be centrally managed, giving a domain manager full control of the security of the system. MIKEY-SAKKE has received endorsement at global level, standardised by the IETF and approved by 3GPP, for use in mission-critical applications.

<https://www.capacitymedia.com/articles/3827342/secure-chorus-transfers-interoperability-standards-to-etsi>

Domain Name System (DNS)

... To combat this, the IETF created DNS protocols to protect users and domains from these attacks. These DNS records include: Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain Unfortunately, not all domains have enabled these security protections. Enabling these three DNS records helps protect your clients from impersonation attacks purportedly from you, but really from a hacker. They can prevent spoofing attacks and limit who can send email from your domain.

<https://www.business2community.com/cybersecurity/domain-name-system-dns-02375545>

Asharq News goes on the air in the Middle East with help from Qvest Media

... Asharq News has a 100 GBps-capable All-IP media infrastructure designed and implemented by Qvest Media that provides sufficient bandwidth for a UHD/4K upgrade of the production infrastructure in the future. The audio-over-IP implementation supports IEEE, IETF, and AES67.

<https://www.telecompaper.com/news/asharq-news-goes-on-the-air-in-the-middle-east-with-help-from-qvest-media--1367835>

Asharq News sets benchmark for news workflow

... With an end-to-end All-IP infrastructure, Asharq News benefits from lean operating processes as well as a high adaptability and scalability of its production platform. The 100 GBit/s-capable All-IP media infrastructure designed and implemented by Qvest Media supports the SMPTE ST 2110, NMOS IS-04 and IS-05 standards and offers sufficient bandwidth for a UHD/4K upgrade of the production infrastructure in the future. The audio-over-IP implementation supports IEEE, IETF, and AES67. Since the network consists of customary IT components, it forms the basis for both the redundant broadcast network design and the seamlessly integrated corporate IT network.

<https://advanced-television.com/2021/01/07/asharq-news-sets-benchmark-for-news-workflow/>

ZTE wins router contract for China's first BIER multicast project [registration]

... ZTE has submitted a number of BIER proposals to IETF, and introduced IPV6-based BIERin6 encapsulation. ZTE also released the BIER Multicast Technology White Paper in November 2020, and has conducted cooperation with Nanjing Purple Mountain Laboratories on the R&D of BIER multicast technology since 2019.

<https://www.telecompaper.com/news/zte-wins-router-contract-for-chinas-first-bier-multicast-project--1367990>

Quantum Corporation bolsters Executive Leadership Team with the appointments of Brian Pawlowski, Dave Clack and Jim Simon

... He [Brian Pawlowski] is the co-chair of the NFS Working Group at the IETF and has served on the board of trustees for the Anita Borg Institute for Women and Technology, and as a board member at the Linux Foundation.

<https://www.sourcesecurity.com/news/quantum-corporation-bolsters-executive-leadership-team-co-11453-ga.1609935157.html>

NSA spricht sich für starke Verschlüsselung im Web aus und gibt Tipps [NSA advocates strong encryption on the web and gives tips]

The National Security Agency (NSA) warns against outdated encryption protocols such as TLS 1.0 (Transport Layer Security) and advises using more current methods to protect data traffic on the Internet more effectively. Its guidance is aimed primarily at government organisations and companies. ... Among web browsers, Chrome, Firefox and others have already said goodbye to TLS 1.0/1.1. The IETF has been working on a ban of old TLS versions since 2018.

<https://www.heise.de/news/NSA-spricht-sich-fuer-starke-Verschluesselung-im-Web-aus-und-gibt-Tipps-5004856.html>

DNS migliori: quali usare per la navigazione [Best DNS: Which to use for browsing]

... The last remaining problem is that the operator of the DoH-compatible DNS server can still log the websites visited by users by recording all domain name resolution requests. The solution is called Oblivious DoH and is a standard developed by the IETF: Cloudflare was the first to embrace its use (see Even more secure and privacy-respecting DNS: Oblivious DoH arrives. What it is).

<https://www.ilsoftware.it/articoli.asp?tag=DNS-migliori-quali-usare-per-la-navigazione_22387>

Firefox 85將以ECH取代加密SNI [Firefox 85 will replace encrypted SNI with ECH]

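... However, after the IETF published the ESNI draft specification, analysis showed that the ESNI extension provides incomplete protection. For example, during session resumption, the Pre-Shared Key extension still contains the server hostname that ESNI encrypts, which means ESNI would have to provide encrypted variants for all extensions with potential privacy risks, yet this in turn exposes the set of extensions being advertised. For this reason the interoperability and deployment of ESNI were challenged, and its use could not be extended.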

<https://www.ithome.com.tw/news/142119>

QUIC ve HTTP/3 Protokollerinin Son Durumu [Latest Status of QUIC and HTTP/3 Protocols]

QUIC (Quick UDP Internet Connections), a reliable and secure transport protocol that reduces latency, and HTTP/3 (Hypertext Transfer Protocol/3), which results from implementing HTTP logic on top of QUIC, are protocols that are developed and deployed together. In this article we will touch on the current state of the protocols, their deployment on the web, and how the technologies will develop in the near future.

<https://www.technopat.net/2021/01/10/quic-ve-http-3-protokollerinin-son-durumu/>

**********************

SECURITY & PRIVACY

**********************

us: NSA Urges SysAdmins to Replace Obsolete TLS Protocols

The National Security Agency (NSA) is lighting a fire under system administrators who are dragging their feet to replace insecure and outdated Transport Layer Security (TLS) protocol instances.

<https://threatpost.com/nsa-urges-sysadmins-to-replace-obsolete-tls-protocols/162814/>

us: NSA releases “Eliminating Obsolete Transport Layer Security (TLS) Protocol Configurations” Cybersecurity Information

The National Security Agency released a cybersecurity product Tuesday detailing how to detect and fix out-of-date encryption protocol implementations. Networks and systems that use deprecated forms of Transport Layer Security (TLS) or Secure Sockets Layer (SSL) for traffic sessions are at risk of sensitive data exposure and decryption.

<https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2462345/nsa-releases-eliminating-obsolete-transport-layer-security-tls-protocol-configu/>

us: NSA Year in Review

The pandemic affected everyone this year, but our mission didn’t slow down. As our Director, GEN Paul Nakasone said, we “are one team, and each of us contributes our unique expertise to a mission that is all the more critical in times of crisis.” Throughout 2020, our workforce contributed our expertise in many ways:

<https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2453676/nsa-year-in-review/>

us: Virtual Hall of Honor Ceremony Celebrates Five Cryptologic Heroes

A non-traditional ceremony marked the creative way NSA hosted this year’s annual celebration, which honored five pioneers in the field of American cryptology.

<https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2453947/virtual-hall-of-honor-ceremony-celebrates-five-cryptologic-heroes/>

BGP in 2020 — BGP Update Churn by Geoff Huston

The first part of this report looked at the size of the routing table and some projections of its growth for both IPv4 and IPv6. However, the scalability of BGP as the Internet’s routing protocol is not just dependent on the number of prefixes carried in the routing table, dynamic routing updates are also part of this story. If the update rate of BGP is growing faster than we can deploy processing capability to match, then the routing system will lose coherence. At that point, the network will head into periods of instability.

<https://www.potaroo.net/ispcol/2021-01/bgpupd2020.html>

BGP in 2020 – The BGP Table by Geoff Huston

At the start of each year, I reported on the behaviour of the inter-domain routing system over the past 12 months, looking in detail at some metrics from the routing system that can show the essential shape and behaviour of the underlying interconnection fabric of the Internet.

<https://www.potaroo.net/ispcol/2021-01/bgp2020.html>

New tool to sniff out DNS usage

The DNS is ubiquitous. Nearly every application, product, or service that exists on the Internet today has to make DNS requests, whether it is a website accessed from a desktop browser, a mobile app on a smartphone, or a virus covertly running on a server.

<https://blog.apnic.net/2021/01/08/new-tool-to-sniff-out-dns-usage/>

**********************

INTERNET OF THINGS

**********************

The power of value 4.0 for industrial internet of things

Many companies expected 2020 to be a challenging year. They anticipated technological shifts that would affect their business—like the transition from combustion to electric vehicles for automotive manufacturers—or ongoing instability due to raging trade wars or Brexit. But the impact of the covid pandemic on top of these challenges has, for many companies, been unprecedented.

<https://www.technologyreview.com/2020/12/22/1015424/the-power-of-value-4-0-for-industrial-internet-of-things/>

When the Internet of Things (IoT) Is Armed as an IoT Botnet

When the Internet of Things (IoT) is weaponized to launch DDoS attacks, it’s called the DDoS of Things. The problem is that many consumer IoT devices can easily be hijacked and made part of such IoT botnets, which are then used to power bigger, smarter, and more devastating multi-vector DDoS attacks than ever before. We can clearly see that DDoS attacks have become more common, rising in direct proportion to the increase in the number of IoT devices.

<https://www.cpomagazine.com/cyber-security/when-the-internet-of-things-iot-is-armed-as-an-iot-botnet/>

**********************

OTHERWISE NOTEWORTHY

**********************

Internet Governance Outlook 2021: Digital Cacaphony in a Splintering Cyberspace by Wolfgang Kleinwächter

In 2020, the pandemic accelerated digitalization around the globe. Homeoffice, Online Shopping, Zoom Conferences became part of the daily life for billions of people. But if somebody would have expected that the Covid-19-Desaster is a wake-up call for the world to be more united, work hand in hand, and pool resources reducing risks of a borderless threat, this "somebody" was wrong. 2020 was dominated by "My country first."

<http://www.circleid.com/posts/20210108-internet-governance-outlook-2021-digital-cacaphony/>

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home