[Newsclips] IETF SYN-ACK Newspack 2021-03-29

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Nominet’s chance to build a better Internet

This week, during Nominet’s EGM, Open Rights Group cast its organisational membership vote to change the current Board membership. The motion removed its CEO, Chairman, and three other Board members. This result is a clear mandate for Nominet to change the direction it has taken in recent years and reshape itself as an organisation working in the public interest, for a better UK Internet. ... Nominet also needs to re-engage with the Internet technical operations community, through bodies such as RIPE, IETF and NANOG, which it used to be a highly visible leader in.

< <https://www.openrightsgroup.org/blog/nominets-chance-to-build-a-better-internet/> https://www.openrightsgroup.org/blog/nominets-chance-to-build-a-better-internet/>

 

Privacy Entrepreneur Adrian Gropper

... Today Gropper is now the volunteer chief technology officer of Patient Privacy Rights, a nonprofit founded in 2006 to advocate for patient control over medical records. He participates in several standards work groups related to privacy and health records, and is the cofounder and principal of HIE Of One, an early-stage startup that is developing open-source software to allow patients direct, centralized control over records that might otherwise be scattered across multiple doctors’ offices or hospitals. Additionally, Gropper contributes to projects in W3C (World Wide Web Consortium) self-sovereign identity, and to the IETF and GNAP (Grant Negotiation and Authorization Protocol) work groups.

< <https://spectrum.ieee.org/at-work/tech-careers/privacy-entrepreneur-adrian-gropper> https://spectrum.ieee.org/at-work/tech-careers/privacy-entrepreneur-adrian-gropper>

 

Why certificate automation is no longer just “nice to have”

... Certificate automation is talked and theorized about more often than it’s put into practice. IETF protocols and third-party tools have helped, yet many organizations have gaps in the process, making efficient certificate management challenging at best. With complete certificate automation, enterprises reduce their risk of exposure to breaches and outages if certificates expire or are unknowingly deployed in their environment and can respond quickly and with agility as the security and business landscape continues to evolve.

< <https://www.helpnetsecurity.com/2021/03/29/certificate-automation/> https://www.helpnetsecurity.com/2021/03/29/certificate-automation/>

 

Route Server Support Foundation collaborates with leading internet exchanges

The world’s largest Internet Exchanges (IXs) AMS-IX, DE-CIX, LINX, and Netnod have joined forces with the newly founded Route Server Support Foundation (RSSF) to tackle the lack of open source software suitable for high-end mission critical Route Server deployments. The ultimate goal of the cooperation is the improvement of the Border Gateway Protocol (BGP) software diversity and the strengthening of open source BGP implementations. ... The newly founded Route Server Support Foundation contributes to the diversity in Route Server implementations by using the IETF open Internet standards.

< <https://www.totaltele.com/508993/Route-Server-Support-Foundation-collaborates-with-leading-internet-exchanges> https://www.totaltele.com/508993/Route-Server-Support-Foundation-collaborates-with-leading-internet-exchanges>

 

Decoding China’s COVID‐19 ‘virus exceptionalism’: Community‐based digital contact tracing in Wuhan

... The communities are collective social units of people ‘with diverse characteristics that are linked by social ties, share common perspectives, and engage in joint action in geographical locations or settings’ (MacQueen et al., 2001). In the administrative hierarchy, the communities serve as the physical intermediaries that co‐produce policy with the government and deliver services to the public (Bovaird, 2007). They represent the collective interests of affiliated citizens by creating public value, while autonomously moderate multilayer interactions and knowledge transmissions (Gustafsson and Jarvenpaa, 2018). Existing literature suggests how different forms of communities mitigate the multilayer interactions in the open innovation ecosystem (e.g., Local Emergency Planning Committees (LEPCs) in US residential communities in alerting natural disasters and terrorist attacks (McEntire David and Myers, 2004), IETF in innovation project leaders selection and networking of engineers working groups (Fleming and Waguespack, 2007), and the video game community building in the creative city of Montréal (Grandadam et al., 2013)). In these examples, the community formation is led by the upperground organizations based on geographically and relational proximity and/or professional connections. By generating and leveraging the influence of communities on the digital platform, policymakers mobilize the collective intelligence and engagement of autonomous individuals to achieve the strategic goals in open innovation.

< <https://onlinelibrary.wiley.com/doi/full/10.1111/radm.12464> https://onlinelibrary.wiley.com/doi/full/10.1111/radm.12464>

 

IETF erklärt TLS-Urväter 1.0 und 1.1 als veraltet [IETF declares TLS forefathers 1.0 and 1.1 obsolete]

Die Internet Engineering Taskforce (IETF) hat die Verschlüsselungsprotokolle zur sicheren Datenübertragung im Internet TLS 1.0 und TLS 1.1 am Dienstag für "deprecated" (deutsch: veraltet) erklärt. Beide Versionen des Transport Layer Security gelten seit Jahren als unsicher, da sie anfällig für Kollisionsattacken sind.

< <https://www.heise.de/news/IETF-erklaert-TLS-Urvaeter-1-0-und-1-1-als-veraltet-5997963.html> https://www.heise.de/news/IETF-erklaert-TLS-Urvaeter-1-0-und-1-1-als-veraltet-5997963.html>

 

Encryptieprotocollen TLS 1.0 en 1.1 officieel door IETF afgeschreven [Encryption protocols TLS 1.0 and 1.1 officially written off by IETF]

Encryptieprotocollen TLS 1.0 en 1.1 zijn officieel door de IETF afgeschreven en moeten niet meer worden gebruikt. Het TLS-protocol wordt gebruikt voor het opzetten van een beveiligde verbinding tussen websites en bezoekers. TLS 1.0 en 1.1 bevatten verschillende kwetsbaarheden en zijn kwetsbaar voor aanvallen zoals BEAST, CRIME en POODLE. Hierbij kan een aanvaller onder andere de versleutelde sessie van een slachtoffer overnemen.

< <https://www.security.nl/posting/696211/Encryptieprotocollen+TLS+1_0+en+1_1+officieel+door+IETF+afgeschreven> https://www.security.nl/posting/696211/Encryptieprotocollen+TLS+1_0+en+1_1+officieel+door+IETF+afgeschreven>

 

¿En qué idioma hablan las "cosas" conectadas a Internet? [In what language do "things" connected to the Internet speak?]
< <https://www.elobservador.com.uy/nota/-en-que-idioma-hablan-las-cosas-conectadas-a-internet--2021327501> https://www.elobservador.com.uy/nota/-en-que-idioma-hablan-las-cosas-conectadas-a-internet--2021327501>

 

Jak měřit rychlost připojení kvůli reklamaci? Šestkrát za 90 minut a přes NetMetr, říká ČTÚ [How to measure connection speed for a claim? Six times in 90 minutes and via NetMeter, says CTO]

... ČTÚ se podle Meravé po několika stížnostech na kvalitu měření začal problémem zabývat. „Spolehlivost byla posuzována z hlediska použití webového nástroje, porovnání se skutečnou šířkou pásma (bandwidth), porovnání s výsledky kalibrovaného měřicího nástroje založeného na doporučení IETF RFC 6349, vliv zatížení procesoru PC/notebooku, výkonové vlastnosti koncového zařízení (modem/router) a tak dále,“ popisuje mluvčí.

< <https://www.lupa.cz/clanky/jak-merit-rychlost-pripojeni-kvuli-reklamaci-sestkrat-za-90-minut-a-pres-netmetr-rika-ctu/> https://www.lupa.cz/clanky/jak-merit-rychlost-pripojeni-kvuli-reklamaci-sestkrat-za-90-minut-a-pres-netmetr-rika-ctu/>

 

IETF ประกาศ TLS 1.0/1.1 หมดอายุในเอกสาร RFC8996 [IETF announces TLS 1.0/1.1 expires in RFC8996 document]

IETF ผู้วางมาตรฐานอินเทอร์เน็ต ออกเอกสาร RFC8996 ให้มาตรฐาน TLS 1.0/1.1 รวมถึง DTLS 1.0 หมดอายุการใช้งาน (deprecated) อย่างเป็นทางการ หลังจากมีรายงานถึงการโจมตีกระบวนการเข้ารหัสของ TLS ทั้งสองเวอร์ชั่นได้หลายครั้ง

< <https://www.blognone.com/node/121907> https://www.blognone.com/node/121907>

 

TLS 1.0 и 1.1 официально признаны устаревшими [TLS 1.0 and 1.1 are officially declared obsolete]

Комитет IETF, занимающийся развитием протоколов и архитектуры Интернет, опубликовал RFC 8996, официально переводящих протоколы TLS 1.0 и 1.1 в разряд устаревших технологий.

< <http://rosinvest.com/novosti/1436183> http://rosinvest.com/novosti/1436183>

 

Маршрутизаторы H3C операторского класса — для российского телекома [Operator-class H3C routers for Russian telecom]

... Среди функциональных возможностей предложенных H3C решений особого внимания заслуживает предварительная поддержка сегментной маршрутизации для наиболее актуального Интернет-протокола IPv6 (SRv6). Рабочее предложение для SRv6, RFC 8754, было опубликовано Целевой группой по проектированию Интернета (IETF) лишь весной 2020 г., но этот свод правил маршрутизации уже рассматривается экспертами как эффективное средство для устранения накопившихся по мере развития Интернета проблем.

< <https://www.crn.ru/partners/partnership/detail.php?ID=152502> https://www.crn.ru/partners/partnership/detail.php?ID=152502>

 

IETF宣布正式弃用TLS 1.0和TLS 1.1 [The IETF announced the formal deprecing of TLS 1.0 and TLS 1.1]

IETF（国际互联网工程任务组）今天正式发布 RFC 8996，正式宣布弃用 TLS 1.0 和 TLS 1.1。根据 SSL Pulse 服务，截至今年 1 月 16 日，95.2% 的接受安全连接的网站支持 TLS 1.2，14.2% 的网站支持 TLS 1.3。77.4% 的 HTTPS 站点接受 TLS 1.1 连接，68% 接受 TLS 1.0。在 Alexa 排名所反映的前 10 万个网站中，大约有 21% 的网站仍然没有使用 HTTPS。

< <https://www.cnbeta.com/articles/tech/1106281.htm> https://www.cnbeta.com/articles/tech/1106281.htm>

 

В бета-версии Firefox включена по умолчанию поддержка протокола HTTP/3 [Firefox beta has HTTP / 3 support enabled by default]

... Основное отличие новой версии протокола HTTP состоит в используемом транспортном протоколе — HTTP/3 работает на IETF QUIC. Этот протокол является надстройкой над UDP, которая улучшает время установки соединений между сервером и клиентом, позволяет мультиплексировать соединения, минимизирует издержки при потере пакетов данных, а также предоставляет методы шифрования, аналогичные протоколу TLS.

< <https://rossaprimavera.ru/news/a77bb57c> https://rossaprimavera.ru/news/a77bb57c>

 

**********************

SECURITY & PRIVACY

**********************

Industry Leaders Create First Unified Cybersecurity Guide for Boards of Directors

Boards of directors need to play a more active role in protecting their organization from cyber risks, according to a new study released today by the World Economic Forum. Cybersecurity failure is a “clear and present danger” and critical global threat, yet responses from board directors has been fragmented, risks not fully understood and collaboration between industries limited.

< <https://www.weforum.org/press/2021/03/industry-leaders-create-first-unified-cybersecurity-guide-for-boards-of-directors> https://www.weforum.org/press/2021/03/industry-leaders-create-first-unified-cybersecurity-guide-for-boards-of-directors>

 

eu: When & How to Report Security Incidents

The European Union Agency for Cybersecurity (ENISA) releases new guidelines to facilitate the reporting of security incidents by national telecom security authorities.

< <https://www.enisa.europa.eu/news/enisa-news/when-how-to-report-security-incidents> https://www.enisa.europa.eu/news/enisa-news/when-how-to-report-security-incidents>

 

Today's Cyberattacks Foreshadow Wars to Come

Cyberattacks are no longer just a matter of cybersecurity, they directly threaten a country’s national security. Cyberattacks alter the character of warfare—much like nuclear weapons once did, allowing adversaries to potentially cross enemy lines to harm large numbers of innocent civilians.

< <https://spectrum.ieee.org/riskfactor/aerospace/military/todays-cyberattacks-foreshadow-wars-to-come> https://spectrum.ieee.org/riskfactor/aerospace/military/todays-cyberattacks-foreshadow-wars-to-come>

 

A Bottom-Up Approach to 5G Network Slicing Security in User Equipment

Securing 5G UE products against cyber threats requires a “bottom-up” approach where security is an integral part of the design that begins in the early stages of development, and every stage of functional verification includes testing for potential vulnerabilities, ensuring strict compliance with 5G’s protocols and security standards.

< <https://spectrum.ieee.org/whitepaper/a-bottomup-approach-to-5g-network-slicing-security-in-user-equipment> https://spectrum.ieee.org/whitepaper/a-bottomup-approach-to-5g-network-slicing-security-in-user-equipment>

 

Transforming information security to secure businesses

We are on a path that will see information security transformed in the next 5-10 years. There are five trends that will enable us as an industry to improve the overall security posture and reduce the surface attack space. There is evidence that we are already moving in that direction with a push for built-in security, but we must be mindful to ensure management scales.

< <https://blog.apnic.net/2021/03/23/transforming-information-security-to-secure-businesses/> https://blog.apnic.net/2021/03/23/transforming-information-security-to-secure-businesses/>

 

Development of an Algorithm to Protect User Communication Devices Against Data Leaks [Eastern-European Journal of Enterprise Technologies]

Abstract: In order to identify ways used to collect data from user communication devices, an analysis of the interaction between DNS customers and the Internet name domain space has been carried out. It has been established that the communication device's DNS traffic is logged by the DNS servers of the provider, which poses a threat to the privacy of users. A comprehensive algorithm of protection against the collection of user data, consisting of two modules, has been developed and tested.

< <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3801054> https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3801054>

 

OpenSSL fixes high-severity flaw that allows hackers to crash servers

OpenSSL, the most widely used software library for implementing website and email encryption, has patched a high-severity vulnerability that makes it easy for hackers to completely shut down huge numbers of servers.

< <https://arstechnica.com/gadgets/2021/03/openssl-fixes-high-severity-flaw-that-allows-hackers-to-crash-servers/> https://arstechnica.com/gadgets/2021/03/openssl-fixes-high-severity-flaw-that-allows-hackers-to-crash-servers/>

 

The good and the bad with Chrome web browser's new security defaults

First, the good news. Starting with the mid-April release of Google's Chrome 90 web browser, Chrome will default to trying to load the version of a website that's been secured with a Transport Layer Security (TLS). These are the sites that show a closed lock in the Chrome Omnibox, what most of us know as the Chrome address (URL) bar. The bad news is that just because a site is secured by HTTPS doesn't mean it's trustworthy.

< <https://www.zdnet.com/article/the-good-and-the-bad-with-the-chrome-web-browsers-new-security-defaults/> https://www.zdnet.com/article/the-good-and-the-bad-with-the-chrome-web-browsers-new-security-defaults/>

 

Serious Security: OpenSSL fixes two high-severity crypto bugs

We’re sure you’ve heard of OpenSSL, and even if you aren’t a coder yourself, you’ve almost certainly used it. OpenSSL is one of the most popular open-source cryptography libraries out there, and lots of well-known products rely on it, especially on Linux, which doesn’t have a standard, built-in encryption toolkit of its own.

< <https://nakedsecurity.sophos.com/2021/03/28/serious-security-openssl-fixes-two-high-severity-crypto-bugs/> https://nakedsecurity.sophos.com/2021/03/28/serious-security-openssl-fixes-two-high-severity-crypto-bugs/>

 

**********************

INTERNET OF THINGS

**********************

nz: IoT, 5G and sensor networks feature in Spark's new innovation studio

Spark has opened an innovation studio to showcase emerging technologies it sees as increasingly important to its business case for 5G and its own dedicated Internet of Things (IoT) network.

< <https://techblog.nz/2501-IoT-5G-and-sensor-networks-feature-in-Sparks-new-innovation-studio> https://techblog.nz/2501-IoT-5G-and-sensor-networks-feature-in-Sparks-new-innovation-studio>

 

How The Internet Of Things Can Benefit Commercial Aviation

Analysts predict there will be over 41 billion devices connected by the Internet of Things (IoT) by 2025. The technology, a driving force of the ‘fourth industrial revolution’, has been ushered in by incredibly cheap computer chips and the prevalence of wireless networks. But how can it benefit commercial aviation?

< <https://simpleflying.com/internet-of-things-aviation/> https://simpleflying.com/internet-of-things-aviation/>

 

This is the Internet of Things startup is ‘solving important global problems’

A Dutch startup has been awarded €26 million in funding to use the Internet of Things (IoT) to help solve some of the “biggest issues facing the world today”. Founded in 2016 and led by a team of satellite experts and tech entrepreneurs, the company’s mission is to bring IoT solutions to some of the world’s hardest-to-reach places.

< <https://www.euronews.com/living/2021/03/27/this-is-the-internet-of-things-startup-is-solving-important-global-problems> https://www.euronews.com/living/2021/03/27/this-is-the-internet-of-things-startup-is-solving-important-global-problems>

 

Scottish Councils to Trial Internet of Things Under New Scheme

A new Internet of Things (IoT) scheme will offer councils across Scotland free trials of intelligent lighting, waste management, air quality and social housing solutions.

< <https://digit.fyi/scottish-councils-to-trial-internet-of-things-under-new-scheme/> https://digit.fyi/scottish-councils-to-trial-internet-of-things-under-new-scheme/>

 

Satellite the size of a loaf of bread drives Aussie firm’s US push

Mini-satellite company Myriota, which has shareholders including the investment arm of aviation giant Boeing and former prime minister Malcolm Turnbull, is pushing hard into the United States and Canadian market in the Internet of Things sector.

< <https://www.afr.com/companies/infrastructure/pandemic-gives-internet-of-things-a-kick-along-20210322-p57cut> https://www.afr.com/companies/infrastructure/pandemic-gives-internet-of-things-a-kick-along-20210322-p57cut>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

The future grid wavelength: Migrating SDH to Internet Protocol

The longevity of Plesiochronous Digital Hierarchy/Synchronous Digital Hierarchy (PDH/SDH) communications networks in the utility industry is remarkable. Used for decades to monitor and control the grid, there has been an understandable reluctance to replace them. Highly reliable and secure, they also represent a sunk cost that has repaid itself many times over.

< <https://www.power-eng.com/om/sdh-the-future-grid-wavelength-migrating-sdh-to-internet-protocol/> https://www.power-eng.com/om/sdh-the-future-grid-wavelength-migrating-sdh-to-internet-protocol/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

A practical demo of SCION, a new internet architecture

As part of the 2STiC programme, we've been experimenting for a while at SIDN Labs with a new internet architecture called SCION. We were recently able to set up a video conferencing demo session over SCION. And we've made a video of the demo so that you can see the technology in action.

< <https://www.sidnlabs.nl/en/news-and-blogs/a-practical-demo-of-scion-a-new-internet-architecture> https://www.sidnlabs.nl/en/news-and-blogs/a-practical-demo-of-scion-a-new-internet-architecture>

 

Zen: A general framework for compositional network modelling

The question: “Is my system going to operate correctly?” is an age-old problem in computer science. Perhaps the most common way to ascertain whether a system is operating correctly today is through testing and monitoring. For example, for networks, we frequently use tools such as traceroute and ping to check whether two endpoints have connectivity. Unfortunately, such testing and monitoring is both incomplete and reactive — one can never fully test all inputs/packets and can often only find problems after they have already affected the live network and, by extension, its users. Can we do better than testing?

< <https://blog.apnic.net/2021/03/25/zen-a-general-framework-for-compositional-network-modelling/> https://blog.apnic.net/2021/03/25/zen-a-general-framework-for-compositional-network-modelling/>

 

Measuring ROAs and ROV by Geoff Huston

There are a number of parts to the current framework that we’re using to improve routing security on the Internet. Prefix holders should generate validly signed Route Origination Authorizations (ROAs) and have them published. Network operators should maintain a current local cache of these signed objects and use them to filter routing updates, preferably discarding routes that are invalid, according to the route validation procedures.

< <https://www.potaroo.net/ispcol/2021-03/rov.html> https://www.potaroo.net/ispcol/2021-03/rov.html>

 

RPKI relying party synchronization behaviour

The Resource Public Key Infrastructure (RPKI) is a specialized PKI designed and deployed to improve the security of the Internet BGP routing system. Some of the ‘resources’ that make up the RPKI include IP address prefixes and Autonomous System numbers (ASNs).

< <https://blog.apnic.net/2021/03/22/rpki-relying-party-synchronization-behaviour/> https://blog.apnic.net/2021/03/22/rpki-relying-party-synchronization-behaviour/>

 

ISC Response to NIS2

Internet Systems Consortium today submitted comments on the proposed NIS2 Directive to the European Commission. The Directive may unintentionally draw all 12 of the world’s root server operators into regulatory coverage. This brings the potential to ignite multinational regulatory conflict, to destabilize the diversity that underpins global trust in the root name server system, to undermine the current multistakeholder arrangements that govern the engineering structure of the Internet, and to fragment the Internet’s global unitary DNS system.

< <https://www.isc.org/blogs/isc-response-to-nis2/> https://www.isc.org/blogs/isc-response-to-nis2/>

 

ETSI enables intercontinental testing for next-generation emergency communications

ETSI has successfully completed its international emergency communications interoperability testing event. 285 test pairings, with 87% demonstrating interoperability, were run from 22 February to 5 March 2021, both in Europe and across the Atlantic to assess the compatibility of products for mission-critical public safety services. This remote event was a cooperation between ETSI, EENA, the European Emergency Number Association and for the first time NENA, the 9-1-1 Association.

< <https://www.etsi.org/newsroom/press-releases/1902-etsi-enables-intercontinental-testing-for-next-generation-emergency-communications> https://www.etsi.org/newsroom/press-releases/1902-etsi-enables-intercontinental-testing-for-next-generation-emergency-communications>

 

HTTPS is really multiple protocols these days

For all of its warts, HTTP is essentially a single protocol; if you see 'http://', you know what pretty much anything will do with it, and they're all going to do about the same thing. This is not the case for HTTPS. HTTPS looks like a single protocol, invoked by ' <https://..../> https://....', but it's really a bunch of protocols all dumped in a big sack labeled 'HTTPS' on the outside. The actual protocol that clients will use for HTTPS URLs can vary widely.

< <https://utcc.utoronto.ca/~cks/space/blog/web/HTTPSMultipleProtocols> https://utcc.utoronto.ca/~cks/space/blog/web/HTTPSMultipleProtocols>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home