[Newsclips] IETF SYN-ACK Newspack 2021-04-06

David Goldstein <david@goldsteinreport.com> Mon, 05 April 2021 16:28 UTC


The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Representation is Not Sufficient for Selecting Gender Diversity

Representation of women and minorities in a “selectorate”—the group that chooses an organization's leaders—is a key mechanism for promoting diversity. We show that representation, on its own, is not sufficient for selecting gender diversity: a supportive organizational culture is also required. In the case of the Internet Engineering Task Force, a random increase in female representation in its selection committee caused an increase in female appointments only after cultural norms supporting diversity and inclusion became more salient.

<https://www.nber.org/papers/w28649>

Event Wrap: IETF 110

APNIC participated at IETF 110, held online from 8 to 12 March 2021. The event welcomed around 1,295 participants and included an IETF Hackathon and the approval of two working groups, IOT Operations (iotops) and WebRTC Ingest Signalling over HTTPS (wish).

<https://blog.apnic.net/2021/03/31/event-wrap-ietf-110/>

TCP Congestion Control at IETF 110 by Geoff Huston

IETF 110 was held virtually in March 2020. Here are some notes on current research activities in transport protocol flow control, I took at the meeting of the Internet Congestion Control Research Group (ICCRG), during IETF 110.

<https://www.potaroo.net/ispcol/2021-03/ietfcc.html>

<https://blog.apnic.net/2021/03/30/congestion-control-at-ietf-110/>

DNS at IETF 110 by Geoff Huston

The amount of activity in the DNS at the IETF seems to be growing at every meeting. I thought the best way to illustrate the considerable body of DNS work being undertaken at the IETF these days would be to take a snapshot of DNS activity that was reported to the DNS-related Working Group meetings at the recent IETF 110.

<https://www.potaroo.net/ispcol/2021-03/ietfdns.html>

<https://blog.apnic.net/2021/04/01/dns-at-ietf-110/>

Is RDAP ready to replace whois? by George Michaelson

Part of being a registry is being a phonebook for the Internet. But just as phonebooks have changed, so too are registries evolving. A core aspect of the ‘phonebook’ service that registries provide are known as ‘whois’ databases. ... There is work in progress, in the IETF REGEXT working group, to define the use of OAuth. This is likely to permit the privacy problem inherent in whois to be modified — public data will conform to regulations like the GDPR, and recognized users who can show credentials can be shown the higher privilege data they need.

<https://blog.apnic.net/2021/04/02/is-rdap-ready-to-replace-whois/>

Let’s Thwart This Terrible Idea for Standards Setting: Yet another way that China–US tensions are threatening technological progress

For more than a century, the world has enjoyed a run of technological progress that has in countless ways made our lives enormously richer, more interesting, more comfortable, and more rewarding. Often overlooked in the background of this unimaginably vast enterprise, and yet helping to keep it running smoothly and efficiently, is a comparably sprawling international standards establishment. ... Outside the ISO/IEC network, global organizations produce standards for the internet (IETF, the Internet Engineering Task Force -1986), the web (W3C, the World Wide Web Consortium – 1994), and mobile broadband standards (3rd Generation Partnership Project, 3GPP – 1998).  The 3GPP is an association of the Chinese, European, Indian, Japanese, Korean, and U.S. telecommunications-industry associations.

<https://spectrum.ieee.org/tech-talk/geek-life/history/lets-thwart-this-terrible-idea-for-standards-setting>

Digital Culture Wars: Donald Trump's "Make America Great Again" and China's Social Credit System

We are on the cusp of a grave risk where unscrupulous groups with various agendas are using digital technologies to wage cultural war to stamp out dissent and gain control and power. The two most prominent recent examples are Donald Trump's "Make America Great Again" (MAGA) and China's Social Credit System (SCS). The following piece was prompted by work on the UDHR and Internet Governance series, for CircleID to deal with UDHR Article 27 and the role of culture, arts, and science in the life of the community.

<https://www.circleid.com/posts/20210330-digital-culture-wars-donald-trump-maga-and-china-social-credit/>

The Insecurity of Ambiguous Standards

Why are networks so insecure? One reason is we don't take network security seriously. We just don't think of the network as a serious target of attack. Or we think of security as a problem "over there," something that exists in the application realm, that needs to be solved by application developers. ... For every RFC I've been involved in drafting, reviewing, or otherwise getting through the IETF, there are two reasons for each MAY or SHOULD therein.

<https://www.circleid.com/posts/20210330-the-insecurity-of-ambiguous-standards/>

SK Telecom Latest Company to Join SRT Alliance

SK Telecom, a Korean wireless telecommunications operator, is the newest member of the SRT Alliance, a group of companies supporting the adoption of the SRT (Secure Reliable Transport) open source protocol. ... In addition, SKT is working with Haivision, which founded the SRT Alliance, to establish SRT as the industry standard in the IETF.

<https://www.tvtechnology.com/news/sk-telecom-latest-company-to-join-srt-alliance>

SK Telecom joins SRT Alliance, applies SRT for 5G video streaming services [registration]

The SRT Alliance, established by Haivision, has announced that South Korean operator SK Telecom has joined the SRT Alliance to support and adopt the SRT open source protocol. SRT Alliance currently has more than 450 members. SK Telecom has implemented SRT for transport of real-time low latency video over 5G networks. SK Telecom is also working with Haivision to establish SRT as the industry standard in the IETF.

<https://www.telecompaper.com/news/sk-telecom-joins-srt-alliance-applies-srt-for-5g-video-streaming-services--1378068>

An IP over DWDM renaissance at 400G

... The final pillar in the new routed optical network architecture is network automation, which is accelerating rapidly for IP networks and will surely continue over the next decade. Much of this innovation is being defined within the Internet Engineering Task Force (IETF) and includes Path Computation Element Protocol (PCEP), segment routing and Bit Indexed Explicit Replication (BIER), among many others. Automation will drive network agility while also hitting the opex component of the total cost of ownership for transport networks.

<https://www.lightreading.com/opticalip/routing/an-ip-over-dwdm-renaissance-at-400g/a/d-id/768513>

Top 12 most commonly used IoT protocols and standards

... 4. CoAP: The IETF Constrained RESTful Environments working group in 2013 launched CoAP, for Constrained Application Protocol, having designed it to work with HTTP-based IoT systems. CoAP relies on the User Datagram Protocol to establish secure communications and enable data transmission between multiple points. Often used for machine-to-machine (M2M) applications, CoAP enables constrained devices to join an IoT environment, even with the presence of low bandwidth, low availability and/or low-energy devices.

<https://internetofthingsagenda.techtarget.com/tip/Top-12-most-commonly-used-IoT-protocols-and-standards>

Wireless TSN: Extending Time Sensitive Networking over Wireless to Support the Growing IoT

Both Wi-Fi 6 and 5G represent new opportunities for extending their wireless connectivity benefits to fast-evolving connected applications, such as in the IIoT and manufacturing to support robotics, automated production lines, and more, as well as in enterprises, transportation, and a host of other consumer applications. With both technologies growing rapidly, there has never been a better time for ensuring their wireless capabilities can meet the future needs of our connected world. ... Like the IIoT, the increasingly connected utilities industry is an ideal application for wireless TSN. Today’s electrical utilities rely on deterministic wired networks for the transmission, distribution, and generation of power. The IETF DetNet group has described the use case for deterministic networking in power grid applications in detail. Of note within their requirements is the density and variety of sensors that must be controlled in power grid applications; the need for redundant transport pathways for reliability; and the importance of security. The latter concern is pushing utilities toward the adoption of the best practices in packet-based networking and security: an open standards-based network that enables interoperability between vendors, driving down costs and opening options for applying the best security tools in the IT industry to also secure the grid. Real-time reliable wireless access and control of grid sensors will be critical to ensuring the growth of IoT in the utilities industry.

<https://www.thefastmode.com/expert-opinion/19433-wireless-tsn-extending-time-sensitive-networking-over-wireless-to-support-the-growing-iot>

Netmask flaw allows hackers to bypass server access controls

Security researchers have discovered a bug in the networking npm library netmask that enables hackers to bypass servers’ access controls and launch server-side request forgery attacks. ... In the case of the netmask npm library, it’ll strip and discard any leading zeros. According to the original IETF specification, portions of an IPv4 address can be interpreted as octal if preceded by a "0" prefix.

<https://www.itpro.co.uk/infrastructure/network-internet/359056/netmask-flaw-could-allow-hackers-to-bypass-access-controls>

Commerce Eases Encryption Export Controls, Reporting Requirements

... Elimination of the notification requirements for most publicly available encryption source code and beta test software: Formerly, BIS required exporters to submit email notifications to the U.S. government with the Internet location of publicly available encryption source code, before such source code could be released from the EAR’s controls. BIS required similar notifications before permitting exports of beta test encryption software. BIS has eliminated the email notification requirement for publicly available encryption source code, as well as beta test encryption software, as long as the source code and beta test software do not implement non-standard cryptography. (Note that non-standard cryptography generally involves incorporation or use of proprietary or unpublished cryptographic functionality, including encryption algorithms or protocols that have not been adopted or approved by a duly recognized international standards body, e.g., IEEE, IETF, ISO, ITU, ETSI, 3GPP, TIA, and GSMA, and that have not otherwise been published.)

<https://www.wiley.law/alert-Commerce-Eases-Encryption-Export-Controls-Reporting-Requirements>

<https://www.jdsupra.com/legalnews/commerce-eases-encryption-export-8294170/>

Telefónica Germany Partners With Blue Planet to Execute iFUSION SDN

... The hierarchical SDN controller framework is at the heart of this new architecture and consists of an end-to-end multi-domain SDN controller at the upper level, with lower-level multi-vendor SDN controllers in each transport network domain. A variety of open standard southbound interfaces (SBIs) and northbound interfaces (NBIs) are utilized for communication between upper- and lower-level SDN controllers, and with underlying vendor-specific controllers, including the ONF Transport API (T-API) within the optical network and IETF-based standard APIs in the IP/MPLS network.

<https://www.sdxcentral.com/articles/sponsored/syndicated/telefonica-germany-partners-with-blue-planet-to-execute-ifusion-sdn/2021/04/>

IETF officially deprecates TLS 1.0 and TLS 1.1

The IETF has formally deprecated the TLS 1.0 and TLS 1.1 cryptographic protocols on the grounds of security after several attacks were discovered over the past years that put encrypted internet communications relying on the two protocols at risk.

<https://therecord.media/ietf-officially-deprecates-tls-1-0-and-tls-1-1/>

Vulnerability in netmask affects thousands of applications and repositories

... According to the IETF specification, parts of an IPv4 address can be treated as octal if the address begins with a 0. Netmask ignores this and assumes the decimal format. When an application wants to check whether an IP address belongs to a particular range, things go wrong with octal representations of IPv4 addresses.

<https://www.security.nl/posting/696920/Kwetsbaarheid+in+netmask+raakt+duizenden+applicaties+en+repositories>

TLS 1.0 and TLS 1.1 are formally marked as obsolete

The IETF has formally marked the Transport Layer Security (TLS) protocols version 1.0 (RFC 2246) and 1.1 (RFC 4346) as obsolete. These protocols from the turn of the century do not support currently recommended and secure cryptographic algorithms. For example, current browsers already warn users before they visit websites that use such weak security.

<https://www.root.cz/zpravicky/tls-1-0-a-tls-1-1-jsou-formalne-oznaceny-jako-zastarale/>

TLS 1.0 and TLS 1.1 officially declared obsolete

No modern browser loads sites over HTTPS configured with these protocols. The Internet Engineering Task Force (IETF) has officially declared the cryptographic protocols TLS 1.0 and TLS 1.1 obsolete because of the security threats they pose. The IETF recommends that all companies, government organizations and software developers use the current versions of TLS, TLS 1.2 and TLS 1.3, which are considered secure.

<https://www.securitylab.ru/news/517912.php>

[April Fools] IETF announces RFC8962 establishing the Protocol Police; anyone whose implementation violates the standard gets cut off from the Internet

The IETF announced RFC8962, establishing the Protocol Police to detect protocol implementations that violate the standards and cause networks to fail to interoperate.

<https://www.blognone.com/node/122010>

Technology Outlook 2021 | A decade of open source: the present and future of WebRTC

WebRTC was published as an official standard by the W3C and the IETF in January this year. In the ten years since it was open-sourced, it has received contributions from many developers. This article is compiled from a talk given by Huib Kleinhout, Google's WebRTC product manager, at the RTE conference hosted by Agora, with his recent views on the outlook for WebRTC added.

<http://www.ctiforum.com/news/guandian/585069.html>

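Nanwei Software: Announcement on the public solicitation of delegated voting rights by independent directors

... 1. The solicitor for this solicitation of voting rights is Mr. Cui Yong, a current independent director of the company, whose basic information is as follows: Cui Yong, male, born August 1976, Chinese nationality, member of the Communist Party of China, holds bachelor's, master's and doctoral degrees from the Department of Computer Science at Tsinghua University, and is currently a professor and doctoral supervisor in the Department of Computer Science at Tsinghua University, director of the department's Network Institute, and an independent director of Nanwei Software. He is a recipient of the Ministry of Education Young Changjiang Scholar award, the National Science Fund for Excellent Young Scholars, the Ministry of Education New Century Talent award and the Zhongchuang Software Talent Award; a council member of the China Communications Standards Association; chair of the IPv6 transition working group of the international Internet standards organization IETF; a former steering committee member of IEEE TPDS; and currently an editorial board member of the journals IEEE TCC, IEEE Network and IEEE Internet Computing. He has received the second prize of the National Technology Invention Award, the National Science and Technology Progress Award, provincial and ministerial science and technology progress awards, and the National Information Industry Major Invention Award.

<https://stock.stockstar.com/notice/SN2021040200001817.shtml>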

**********************

SECURITY & PRIVACY

**********************

Is Cyberwar War? Can nation-states defend themselves from hackers and one another?

At a conference of chief technology officers in 2016, General Michael Hayden, former head of, at different times, both the NSA and the CIA, told the audience, “Cyberwar isn’t exactly war, but it’s not not-war, either.” Cyberattacks, at the nation-state level, were already almost a decade old at that point. In 2007, over the course of 22 days a Russian attack on Estonia took out commercial and government servers with distributed denial of service attacks; not just public websites but also what one report called “more vital targets, such as online banking and the Domain Name System,” without which people can’t find or look up websites and online servers.

<https://spectrum.ieee.org/podcast/telecom/security/is-cyberwar-war>

Today's Cyberattacks Foreshadow Wars to Come

Cyberattacks are no longer just a matter of cybersecurity, they directly threaten a country’s national security. Cyberattacks alter the character of warfare—much like nuclear weapons once did, allowing adversaries to potentially cross enemy lines to harm large numbers of innocent civilians.

<https://spectrum.ieee.org/riskfactor/aerospace/military/todays-cyberattacks-foreshadow-wars-to-come>

The Future of Cybersecurity is an International Cyber Convention

Last year, the U.S. government and several private U.S. companies suffered a devastating cyberattack, likely conducted by Russia. It took place through SolarWinds, a U.S. information technology firm, and went undetected for almost nine months. Up to 18,000 SolarWinds customers installed an update that created a backdoor, allowing hackers to install malware and spy. U.S. national security agencies deem the breach significant and ongoing, and the Biden administration has talked about imposing sanctions against Russia.

<https://intpolicydigest.org/the-future-of-cybersecurity-is-an-international-cyber-convention/>

NSA, CISA Promote Domain Name System Incorporating Threat Information

Federal cybersecurity agencies outlined the benefits and risks of using services that assimilate information on threats into the system that routes users through the internet to help avoid visits to malware-ridden websites.

<https://www.nextgov.com/cybersecurity/2021/03/nsa-cisa-promote-domain-name-system-incorporating-threat-information/172688/>

Cybersecurity: Council adopts conclusions on the EU's cybersecurity strategy

The Council today adopted conclusions on the EU's cybersecurity strategy for the digital decade. This strategy was presented by the Commission and the high representative for foreign affairs in December 2020. It outlines the framework for EU action to protect EU citizens and businesses from cyber threats, promote secure information systems and protect a global, open, free and secure cyberspace.

<https://www.consilium.europa.eu/en/press/press-releases/2021/03/22/cybersecurity-council-adopts-conclusions-on-the-eu-s-cybersecurity-strategy/>

Council adopts cybersecurity strategy conclusions

The Council of the European Union (EU), currently chaired by Portugal, on Monday (22 March) adopted conclusions on the EU cybersecurity strategy, particularly about fifth-generation mobile networks (5G), aimed at protecting against cyber threats.

<https://www.euractiv.com/section/cybersecurity/news/council-adopts-cybersecurity-strategy-conclusions/>

The Path to Combatting Domain Abuse by Graeme Bunton

Completely eradicating malware, botnets, phishing, pharming, and spam from the Domain Name System is not possible. That may be an odd statement from someone who just took the leadership position at the DNS Abuse Institute, but it's meant to underscore the scope of the work ahead of us. There will always be bad actors exploiting the DNS for their own criminal purposes, but working together, we can mitigate their impact.

<https://dnsabuseinstitute.org/the-path-to-combatting-abuse/>

A vulnerable internet needs global standards and security

For a loosely connected, globally distributed system with no central governing authority, the Internet is remarkably dependable. Robust enough to cope with the unexpected, it features back-up capabilities ranging from redundant network paths to virtual servers that compensate for physical hardware failures.

<https://www.securitymagazine.com/articles/94950-a-vulnerable-internet-needs-global-standards-and-security>

CYBERUK: flagship event set to take place in fully digital format

THE UK’s flagship cyber security conference CYBERUK will be fully virtual this year - allowing wider access to world-class experts than ever before.

<https://www.ncsc.gov.uk/news/cyberuk-2021-flagship-conference-set-to-return-with-fully-digital-format>

Four-Pronged Approach to Keep Your Domain Names and DNS Secure from Cyberattacks

Domain names, DNS, and digital certificates are fundamental components of the most important applications that enable your company to conduct business - including your website, email, voice-over IP, and more. However, these vital applications are being attacked with an increasingly high level of sophistication and severity.

<https://www.circleid.com/posts/20210325-approach-to-keep-your-domain-names-dns-secure-from-cyberattacks/>

New NCSC CEO warns against complacency while outlining future cyber risks

In her first speech as chief executive of the new NCSC, Lindy Cameron has paid tribute to the bold decision to create a public-facing cyber security organisation within GCHQ. The virtual speech to an audience at Queen’s University, Belfast, saw Lindy Cameron outline why she thinks all of the UK has a role to play in making the UK the safest place to live and do business online.

<https://www.ncsc.gov.uk/news/ncsc-ceo-first-speech>

**********************

INTERNET OF THINGS

**********************

Security by Design – New Security Testing Standard for IoT Devices

Tatjana Hein and Cornelia Schildt from the eco Association give an insight into the development of a security standard and label for IoT.

<https://www.dotmagazine.online/issues/safeguarding-users-and-data/security-by-design-standard-for-iot-devices>

How Internet of Things is enabling the next wave of development in pharma sector

In the Internet of Things ecosystem, every “thing” is geared up with a tiny sensor, microchips, UID’s that permit devices, physical objects things, and systems to intelligently interact with other objects and systems within the IoT environment. By enforcing IoT platforms, solutions, and services pharmaceutical companies can digitize and connect vital functions, elevate efficiencies, and assure product quality and compliance.

<https://www.dqindia.com/internet-things-enabling-next-wave-development-pharma-sector/>

**********************

NEW TRANSPORT PROTOCOLS

**********************

Is RDAP ready to replace whois?

Part of being a registry is being a phonebook for the Internet. But just as phonebooks have changed, so too are registries evolving. A core aspect of the ‘phonebook’ service that registries provide are known as ‘whois’ databases.

<https://blog.apnic.net/2021/04/02/is-rdap-ready-to-replace-whois/>

Web co-location and its impact on the privacy benefits of domain name encryption

The use of network traffic encryption technologies, such as HTTPS/TLS, is on the rise since obtaining a TLS certificate has become easier and free of charge. However, even when encryption is enabled, users’ online activities are still leaked through domain names, which are exposed via DNS queries/responses and the Server Name Indication (SNI) extension of TLS.

<https://blog.apnic.net/2021/04/05/web-co-location-and-its-impact-on-the-privacy-benefits-of-domain-name-encryption/>

Cisco Redesigns Internet Infrastructure to Support a More Inclusive Future

Cisco today announced its strategy to help communication service providers and web scale companies around the world connect, secure and automate their networks to deliver a stronger, more accessible internet to everyone, everywhere, regardless of geographic limitations.

<https://newsroom.cisco.com/press-release-content?type=webcontent&articleId=2150473>

Windows Server 2022: These are the big changes that Microsoft has planned

... Microsoft's open-source implementation of the QUIC protocol that will form the basis of HTTP/3 will be in Windows Server 2022. It's being used for SMB over QUIC, which is a more secure replacement for WebDAV to deliver SMB access without the expense and complexity of a VPN. This uses QUIC as the transport for SMB instead of TCP/IP and RDMA, with a tunnel that secures SMB even if encryption isn't enabled. "SMB over QUIC will be available with Azure Automanage and Windows Server 2022," Kumar told TechRepublic. "It will also be supported as a client in Windows 10 and on third-party platforms like Android and others."

<https://www.techrepublic.com/article/windows-server-2022-these-are-the-big-changes-that-microsoft-has-planned/>

Windows Server 2022: ce sont les grands changements que Microsoft a prévus [Windows Server 2022: These are the big changes Microsoft has planned]

... L’implémentation open-source de Microsoft du protocole QUIC qui formera la base de HTTP / 3 sera dans Windows Server 2022. Il est utilisé pour SMB sur QUIC, qui est un remplacement plus sûr pour WebDAV pour fournir un accès SMB sans les frais et la complexité d’un VPN. Cela utilise QUIC comme transport pour SMB au lieu de TCP / IP et RDMA, avec un tunnel qui sécurise SMB même si le chiffrement n’est pas activé. « SMB over QUIC sera disponible avec Azure Automanage et Windows Server 2022 », a déclaré Kumar à Netcost-Security. « Il sera également pris en charge en tant que client dans Windows 10 et sur des plates-formes tierces comme Android et autres. »

<https://www.netcost-security.fr/actualites/7997/windows-server-2022-ce-sont-les-grands-changements-que-microsoft-a-prevus/>

 

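How to deal with the traffic "peak" caused by the popularity of short videos through a systematic "underlying design"?

... Second is protocol optimization, which involves HTTP 2, QUIC/HTTP 3 and newer congestion control algorithms such as BBR; short-video platforms should dynamically select the congestion control algorithm for the specific network environment. Figures 2 and 3 show that a congestion control algorithm that is more effective on mobile networks is not necessarily so on fixed networks, so each TCP congestion control algorithm has a network environment it suits best, and at present there is no panacea that can solve the complex and vast range of network problems. End users' pursuit of the ultimate experience does not depend on time, place, content or device; if a short-video platform simply picks one TCP congestion control algorithm, some end users will inevitably find it hard to get high-definition, smooth content quickly. Therefore, faced with network congestion conditions that are constantly changing, short-video platforms need to automatically select the most suitable TCP congestion control algorithm according to actual network conditions; only by prescribing the right remedy can the problem be solved.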

<http://sh.beareyes.com.cn/2/lib/202103/29/20210329018.htm>

 

**********************

OTHERWISE NOTEWORTHY

**********************

New Resolver Policy Proposed to Improve Internet DNS Privacy

A new industry initiative – the ‘European DNS Resolver Policy’ – has been established that aims to foster better standards for privacy and transparency across resolver services for the internet’s DNS, such as those run by UK or European broadband ISPs and third-party services (e.g. Google Public DNS).

<https://www.ispreview.co.uk/index.php/2021/03/new-resolver-policy-proposed-to-improve-internet-dns-privacy.html>

 

DNS over HTTPS, DNS over TLS explained: Encrypting DNS traffic

Being the backbone of the internet, the DNS protocol has undergone a series of improvements and enhancements over the past few years. The lack of stringent protections in the original DNS specification and discovery of security weaknesses over time, such as the decade-old Kaminsky bug, gave birth to the DNSSEC in 2010.

<https://www.csoonline.com/article/3612768/dns-over-https-dns-over-tls-explained-encrypting-dns-traffic.html>

 

Contract with Temporary RFC Series Project Manager has been extended to March 2022

The IAB has, based on the recommendation of RSOC, requested the Executive Director to extend the contract with the Temporary RFC Series Project Manager John Levine. The contract and SoW have been extended to March 2022 on the same terms and conditions. The Temporary RFC Series Project Manager is responsible for a subset of the tasks that are normally performed by the RFC Series Editor (RSE) while the RFC Editor Future Development Program is working on evolution of the RFC Editor model.

<https://www.iab.org/2021/04/02/contract-with-temporary-rfc-series-project-manager-has-been-extended-to-march-2022/>

 

Connectivity is the backbone to ensuring equality of access to education by Sir Tim Berners-Lee and Co-founder Rosemary Leith, World Wide Web Foundation

As the World Wide Web turns 32, Sir Tim Berners-Lee’s annual letter published on 12 March 2021 reflects on its power to catalyse change and celebrates the young people stepping up to tackle the world’s urgent challenges. Sir Tim urges system leaders to invest in global connectivity - while we talk about a generation of ‘digital natives’, far too many young people remain excluded and unable to use the web to share their talents and ideas for the benefit of the global community.

<https://www.bettshow.com/bett-articles/connectivity-is-the-backbone-to-ensuring-equality-of-access-to-education>

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home