[Newsclips] IETF SYN-ACK Newspack 2020-06-15

David Goldstein <david@goldsteinreport.com> Mon, 15 June 2020 13:24 UTC

Return-Path: <david@goldsteinreport.com>
X-Original-To: newsclips@ietfa.amsl.com
Delivered-To: newsclips@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97F413A0783 for <newsclips@ietfa.amsl.com>; Mon, 15 Jun 2020 06:24:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bPyIuWvNH2V8 for <newsclips@ietfa.amsl.com>; Mon, 15 Jun 2020 06:24:55 -0700 (PDT)
Received: from karkinos.atomiclayer.com (karkinos.atomiclayer.com [96.125.178.142]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EFE5D3A0784 for <newsclips@ietf.org>; Mon, 15 Jun 2020 06:24:54 -0700 (PDT)
Received: from DGSurfaceBook (unknown [121.209.41.42]) by karkinos.atomiclayer.com (Postfix) with ESMTPSA id 8C65728076F for <newsclips@ietf.org>; Mon, 15 Jun 2020 09:24:51 -0400 (EDT)
Authentication-Results: karkinos.atomiclayer.com; spf=pass (sender IP is 121.209.41.42) smtp.mailfrom=david@goldsteinreport.com smtp.helo=DGSurfaceBook
Received-SPF: pass (karkinos.atomiclayer.com: connection is authenticated)
From: "David Goldstein" <david@goldsteinreport.com>
To: <newsclips@ietf.org>
Date: Mon, 15 Jun 2020 23:24:48 +1000
Message-ID: <000a01d64318$59cd2120$0d676360$@goldsteinreport.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_000B_01D6436C.2B7C1750"
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-au
Thread-Index: AdZDGFdWBec64LC7TQquFm407/xObg==
Archived-At: <https://mailarchive.ietf.org/arch/msg/newsclips/V3VpWrUUXg2xfLP4gkJi4vyiu_4>
Subject: [Newsclips] IETF SYN-ACK Newspack 2020-06-15
X-BeenThere: newsclips@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF News Clips <newsclips.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/newsclips>, <mailto:newsclips-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/newsclips/>
List-Post: <mailto:newsclips@ietf.org>
List-Help: <mailto:newsclips-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/newsclips>, <mailto:newsclips-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jun 2020 13:25:00 -0000

**********************

IETF IN THE NEWS

**********************

5G Security Standards: What are They?

5G security standards include requirements for users’ equipment — primarily their tablets and smartphones — and the base stations in a 5G network. Other standards include various functions within the 5G system. ... The standard “Security architecture and procedures for 5G system” is a significant example of these standards. It was developed through the cooperation of the standards bodies that collectively make up 3GPP and through a partnership with the IETF.

<https://www.sdxcentral.com/5g/definitions/5g-security-standards/>

 

OpenZFS removed offensive terminology from its code

... In addition to specific terminology updates in specific projects, the IETF (Internet Engineering Task Force) published a memo in 2018 acknowledging and outlining the problem and offering specific alternatives to both master/slave and blacklist/whitelist terminology.

<https://arstechnica.com/tech-policy/2020/06/openzfs-removed-master-slave-terminology-from-its-codebase/>

 

UN Secretary General's Roadmap on Digital Cooperation: Creative Navigating in Stormy Cyberwaters by Wolfgang Kleinwächter

When UN Secretary-General Antonio Guterres announced in January 2020 that he was preparing a global "roadmap for digital cooperation," he had no idea that six months later, the world had made a quantum leap into the digital age. Home office, distance learning, online shopping, and video conferencing have been around for a long time, but the standstill of the real world during the pandemic has led to an unexpected expansion of the virtual world. ... This applies all the more to UN issues such as sustainable development goals, digital division, human rights protection, and the ethical use of artificial intelligence. All this is negotiated in UN bodies: WTO (digital trade), UNESCO (artificial intelligence), ITU (telecommunications), UN Human Rights Council (freedom of expression and data protection), UNDP (development), UNCTAD (eCommerce), ILO (Future of Work) etc. But also non-governmental bodies negotiate critical issues that have public-policy implications nowadays: ICANN (domain names), IETF (Internet protocols) or RIRs (IP addresses).

<http://www.circleid.com/posts/20200613-un-secretary-generals-roadmap-on-digital-cooperation/>

 

GitHub to retire 'master' label to erase slavery connotations

... Incidentally, Microsoft programmer, Scott Hanselman, last week published a blog echoing calls from the IETF that the ‘master-slave’ terminology is inappropriate. He also demonstrated how developers could replace the terms in their projects without much hassle.

<https://www.itpro.co.uk/software/development/356065/github-to-retire-master-label-to-erase-slavery-connotations>

 

No more ‘blacklists’ & ‘slaves’? Microsoft developer rekindles calls to make coding POLITICALLY CORRECT

... The censoring of the words behind the information on our screens follows a document published in 2018 by the IETF – an open standards organization that promotes voluntary internet standards. In the document, it attacks the coding terms ‘master-slave’ and ‘white-blacklist’ for their “racist and race-based meanings.”

<https://www.rt.com/news/491343-microsoft-coding-blacklists-slaves/>

 

Black Lives Matter : des développeurs souhaitent débarrasser le monde informatique de termes jugés racistes ou violents [developers want to rid the IT world of terms deemed racist or violent]

... Pour l'instant, les expressions à bannir n'ont pas trouvé de remplaçantes qui fassent consensus. L'IETF (Internet Engineering Task Force), le consortium international qui discute et édite les standards de l'informatique, fait une série de suggestions, parmi lesquelles "blocklist" (liste de refus) et "allowlist" (liste d'autorisation), ou encore "primaire-secondaire", pour la combinaison "master-slave". Sans que la communauté des développeurs ne se soit mise d'accord sur une option définitive.

<https://www.developpez.com/actu/306328/Black-Lives-Matter-des-developpeurs-souhaitent-debarrasser-le-monde-informatique-de-termes-juges-racistes-ou-violents-comme-whitelist-blacklist-master-slave-et-kill/>

 

Plus de «listes noires» et «esclaves»? Un développeur de Microsoft relance les appels pour rendre le codage POLITIQUEMENT CORRECT [No more "black lists" and "slaves"? Microsoft Developer Relaunches Calls To Make Coding POLICY CORRECT]

... La censure des mots derrière les informations sur nos écrans fait suite à un document publié en 2018 par l'IETF – une organisation de normalisation ouverte qui promeut les normes Internet volontaires. Dans le document, il attaque les termes de codage 'Maître d'esclave' et «Liste blanche-noire» pour leur «Significations racistes et raciales.» 

<https://news-24.fr/plus-de-listes-noires-et-esclaves-un-developpeur-de-microsoft-relance-les-appels-pour-rendre-le-codage-politiquement-correct/>

 

EuroDIG: Kein Konsens zu Regierungsbeteiligung in der Internet-Standardisierung [Bundestag vote: Law against hate crime on the Internet to be passed]

Berücksichtigen Unternehmen in der Standardisierung zu wenig das öffentliche Interesse, wer müsste das überhaupt vertreten? Das war Grundsatzthema der EuroDIG.

<https://www.heise.de/news/EuroDIG-Kein-Konsens-zu-Regierungsbeteiligung-in-der-Internet-Standardisierung-4782959.html>

 

Bojownicy o tolerancję wytaczają działa przeciwko Gitowi. Nie podoba im się gałąź master [Tolerance fighters are fighting against Git. They don't like the master branch]

Programista Scott Hanselman domaga się zmiany nazwy głównej gałęzi Gita z master na inną. Dlaczego? Bo obecna nomenklatura jego zdaniem budzi konotacje z niewolnictwem. Hanselman powołuje się na rekomendację IETF, niedochodowej organizacji zajmującej się standaryzacją internetu, która dostrzegła problem już w 2018 roku.

<https://www.dobreprogramy.pl/Bojownicy-o-tolerancje-wytaczaja-dziala-przeciwko-Gitowi.-Nie-podoba-im-sie-galaz-master,News,108348.html>

 

Nginx má experimentální podporu pro QUIC a HTTP/3 [Nginx has experimental support for QUIC and HTTP/3]

Společnost F5, která nyní vlastní firmu Nginx, oznámila přípravu experimentální podpory nového protokolu HTTP/3. Kód modulu http_v3_module je udržován odděleně v samostatném repozitáři, protože implementuje rozpracovaný standard QUIC od IETF. Zatím jde o experiment, který by neměl být nasazován do produkce. Už je ale připraven k testování interoperability s dalšími implementacemi.

<https://www.root.cz/zpravicky/nginx-ma-experimentalni-podporu-pro-quic-a-http-3/>

 

**********************

INTERNET OF THINGS

**********************

As Technology Use Increases, So Do Vulnerabilities: Six Steps Toward Security

According to a 2018 prediction made by Juniper Research, “the total number of connected IoT (internet of things) sensors and devices is set to exceed 50 billion by 2022.” I suspect that number could substantially grow now that technology is the way by which we work, shop, see the doctor and socialize.

<https://www.forbes.com/sites/forbescommunicationscouncil/2020/06/09/as-technology-use-increases-so-do-vulnerabilities-six-steps-toward-security/>

 

Welcome to a world where loT devices offer endless control by Mathew Dickerson, founder of regional tech and communications company Axxis Technology 

As I walked through my local supermarket this week, I performed one simple action that reminded me of the incredibly opulent society we live in. I checked the time on my watch and noticed that it was a little chilly outside.

<https://www.canberratimes.com.au/story/6790475/welcome-to-a-world-where-lot-ensures-control-of-everything/>

 

**********************

NEW TRANSPORT TECHNOLOGIES

**********************

Introducing a Technology Preview of NGINX Support for QUIC and HTTP/3

We are pleased to announce the technology preview of QUIC+HTTP/3 for NGINX at a special open source repository. This is pre‑release software, based on the IETF QUIC draft and is maintained in a development branch, isolated from the stable and mainline branches. The release is the culmination of several months of initial development, and is now ready for interoperability testing, feedback, and code contributions.

<https://www.nginx.com/blog/introducing-technology-preview-nginx-support-for-quic-http-3/>

 

**********************

SECURITY & PRIVACY

**********************

Mutually Agreed Norms for Routing Security (MANRS) 10 June 2020

The first-ever MANRS (Mutually Agreed Norms for Routing Security) Fellowship Program is now accepting applications. If you are an emerging leader eager to improve the well-being of the Internet’s global routing system, apply now.

<https://www.internetsociety.org/blog/2020/06/manrs-fellowship-program-now-open/>

 

Making the Most of Our MANRS Partnerships – NIC.br and Brazil Lead the MANRS Pack

Improving the state of routing security is no small task. It requires network operators, IXPs, and CDN and cloud providers of all sizes across the globe to work together, improve their own networks, and open lines of communications with both their friends and competitors to make a real difference.

<https://www.internetsociety.org/blog/2020/06/making-the-most-of-our-manrs-partnerships-nic-br-and-brazil-lead-the-manrs-pack/>

 

MANRS fellowship program now open

The first-ever Mutually Agreed Norms for Routing Security (MANRS) Fellowship Program is now accepting applications. If you are an emerging leader eager to improve the well-being of the Internet’s global routing system, apply now.

<https://blog.apnic.net/2020/06/10/manrs-fellowship-program-now-open/>

 

Q&A: The Pioneers of Web Cryptography on the Future of Authentication

Martin Hellman, Taher Elgamal, and Tom Jermoluk were instrumental in shaping how the Internet works. Now they're looking at what’s next for web security

<https://spectrum.ieee.org/tech-talk/telecom/security/pioneers-web-cryptography-future-authentication>

 

Spotlight on incident reporting of telecom security and trust services

The European Agency for Cybersecurity releases today a new visual tool to increase transparency about cybersecurity incidents.

<https://www.enisa.europa.eu/news/enisa-news/spotlight-on-incident-reporting-of-telecom-security-and-trust-services>

 

ENISA working group on Artificial Intelligence cybersecurity kick-off

Today, the European Union Agency for Cybersecurity, ENISA, is kicking off the Ad-Hoc Working Group on Cybersecurity for Artificial Intelligence, marking another milestone in the Agency’s work on emerging technologies.

<https://www.enisa.europa.eu/news/enisa-news/enisa-working-group-on-artificial-intelligence-cybersecurity-kick-off>

 

Facing the Cyber Pandemic by Michael Chertoff , Latha Reddy, Alexander Klimburg

The days when cyberspace could be regarded as a lawless wild west are long over. The Internet has become a critical part of our global infrastructure, and attacks against its core functions, especially in the context of the COVID-19 crisis, should be treated as the existential threats that they are.

<https://www.project-syndicate.org/commentary/pandemic-cybercrime-demands-new-public-core-norm-by-michael-chertoff-et-al-2020-06>

 

Ensuring Cybersecurity for Critical Civilian Infrastructure

Although the world has long needed a more systematic approach to cybersecurity, the issue has come to the fore as a result of the COVID-19 pandemic. The fact that cyberattacks are increasingly targeting health facilities underscores the need for a rapid, concerted policy response.

<https://cyberpeaceinstitute.org/blog/2020-06-11-ensuring-cybersecurity-for-critical-civilian-infrastructure>

 

The CyberPeace Institute Launches Cyber 4 Healthcare

While the healthcare sector is taking unprecedented measures to cope with the pandemic, the COVID-19 crisis has been used by malicious actors to perpetrate new cyberattacks, targeting hospitals and healthcare organizations and putting at risk thousands of human lives. In the month of March 2020 alone, hospitals, testing and medical facilities, government health agencies and even the World Health Organization (WHO) have fallen victim to cyber operations. We cannot accept that healthcare workers must fear attacks against their digital infrastructure, attacks that might have physical consequences and threaten human life.

<https://cyberpeaceinstitute.org/blog/2020-06-03-the-cyberpeace-institute-launches-cyber4healthcare>

 

Listen to the Hedge Podcast 39 to Learn about the Open Standards Everywhere Project

What is our Open Standards Everywhere (OSE) project all about? How did it get started? What are the project goals? What are some of the challenges web server operators face? How can we work together to make web servers more secure and available?

<https://www.internetsociety.org/blog/2020/06/listen-to-the-hedge-podcast-39-to-learn-about-the-open-standards-everywhere-project/>

 

us: NTIA Letter to FCC on Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs

The Executive Branch applauds the Commission’s decision to protect the information and communications technology supply chain by prohibiting the use of Universal Service Funds (USF) to acquire equipment or services produced or provided by a covered company posing a national security threat to the integrity of U.S. communications networks.

<https://www.ntia.gov/fcc-filing/2020/ntia-letter-fcc-protecting-against-national-security-threats-communications-supply>

 

Ageing and obsolete network assets create serious security risks

Ageing network assets are a security timebomb waiting to go off. A report by NTT Ltd titled 2020 Global Network Insights Report shows how bad the situation is across multiple industries. The report reinforces some of the findings from the Global Threat Intelligence Report, released by the company just last month.

<https://www.enterprisetimes.co.uk/2020/06/15/ageing-and-obsolete-network-assets-create-serious-security-risks/>

 

Enterprise internet attack surface is growing, report shows

The attack surface of large enterprises has grown in recent months driven by the new work conditions imposed by the Covid-19 pandemic. The threat has increased in many areas including servers that are directly accessible from the internet, domain names, websites, web forms, certificates, third-party applications and components or mobile apps.

<https://www.arnnet.com.au/article/680471/enterprise-internet-attack-surface-growing-report-shows/>

 

RiskIQ Analyzes Millions of Internet Observations to Map the Enterprise Attack Surface

RiskIQ ... released a new report analyzing the company’s internet-wide telemetry and massive internet data collection to reveal the true extent of the modern corporate digital attack surface. The report, ‘Analysis of an Attack Surface: Five Ways Hackers are Targeting Organizations,’ is a data-driven exploration of five areas of their digital presence where organizations lack visibility and the pathways hackers are exploiting these blind spots. ... Report highlights include: 1. The Global Attack Surface is much bigger than you think: RiskIQ observed 2,959,498 new domains (211,392 per day) and 772,786,941 new hosts (55,199,067) across the internet over two weeks, each representing a possible target for threat actors.

<https://www.riskiq.com/press-release/riskiq-analyzes-millions-of-internet-observations-to-map-the-enterprise-attack-surface/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

The Internet Needs a New Architecture that Puts Users First

Quarantine has changed the way we connect, online and off. As we rely on the internet more and more for work, social connections, and basic needs, it is time to talk about the future of meaningful online experiences, and the need for a new internet architecture. We need a user-focused, localized internet. This competitive architecture would deliver an experience that values real-time connectivity over one-way advertising and puts control with the user, not with big tech platforms.

<https://www.wired.com/story/opinion-the-internet-needs-a-new-architecture-that-puts-users-first/>

 

6G, European internet, censorship: EU Parliament sets out vision for digital services

The European Parliament has published research outlining technology trends for the next decade, such as 6G, autonomous transport and personalised healthcare, along with recommendations to enable European countries to be at the forefront of digitisation, including the creation of a regional internet.

<https://www.computerweekly.com/news/252484423/6G-European-Internet-Censorship-EU-Parliament-sets-out-vision-for-digital-services>

 

eu: The Digital Services Act package

As part of the European Digital Strategy, the European Commission has announced a Digital Services Act package to strengthen the Single Market for digital services and foster innovation and competitiveness of the European online environment.

<https://ec.europa.eu/digital-single-market/en/digital-services-act-package>

 

EU hits out at China's bid to rewrite rules of the internet

Chinese plans to rewrite the rules of the internet have been criticised by the European Commission, amid growing concerns the proposals could give too much power to state-owned providers.

<https://www.telegraph.co.uk/technology/2020/06/08/eu-hits-chinas-bid-rewrite-internet/>

<https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12338972>

 

What can the DNS tell us about the effect of working from home on the Internet?

At NANOG 79 earlier this month, Nokia Deepfield’s Craig Labowitz presented on the impact of the COVID-19 pandemic on Internet use in 2020. The approach to the analysis used real-time streaming telemetry from the Communication Service Providers (CSP) backbone and aggregation routers, and covered content provider networks in North America, Europe and parts of Asia.

<https://blog.apnic.net/2020/06/12/what-can-the-dns-tell-us-about-the-effect-of-working-from-home-on-the-internet/>

 

Action Plan Launched to Build Trust in Global Cyberspace

Digitalization has been revolutionizing our economies and societies for over two decades. Data fuels the digital economy, but it does so best when it can flow internationally. However, country-level data rules are diverse, disjointed and sometimes disruptive to these flows, lowering citizens’ trust in digital services, slowing growth and hindering societal benefits. As more people connect and tasks shift online in the “new normal” of COVID-19, governments need to find collective solutions to keep cyberspace open. This new report shows how that can be achieved.

<https://www.weforum.org/press/2020/06/action-plan-launched-to-build-trust-in-global-cyberspace>

 

eu: New Commission report shows the importance of digital resilience in times of crisis

The Commission has released the results of the 2020 Digital Economy and Society Index (DESI), which monitors Europe's overall digital performance and tracks the progress of EU countries with respect to their digital competitiveness.

<https://ec.europa.eu/digital-single-market/en/news/new-commission-report-shows-importance-digital-resilience-times-crisis>

 

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home