[Newsclips] IETF SYN-ACK Newspack 2021-03-22

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

How to Make Progress on Implementing IPv6 in Government

Every internet-connected device a federal agency deploys, whether a smartphone, tablet, laptop or sensor, needs to have an IP address. Increasingly, such devices have IP addresses that run on the IPv6 protocol, the most recent version of the Internet Protocol defined by the Internet Engineering Task Force.

< <https://fedtechmagazine.com/article/2021/03/how-make-progress-implementing-ipv6-government-perfcon> https://fedtechmagazine.com/article/2021/03/how-make-progress-implementing-ipv6-government-perfcon>

 

Is indirection of traffic the next big thing in DNS privacy and beyond?

After Oblivious DoH, the Internet Engineering Task Force (IETF) were presented with Oblivious HTTP and Confidential Computing during the IETF 110 meeting. In essence these proposed mechanisms will try to shield users’ information from uninvited data krakens.

< <https://www.centr.org/news/news/ietf110-oblivious.html> https://www.centr.org/news/news/ietf110-oblivious.html>

 

Which RPKI-related RFCs should you read?

Resource Public Key Infrastructure (RPKI) is the way to cryptographically sign records that associate a Border Gateway Protocol (BGP) route announcement with the correct originating Autonomous System Number (ASN). ... To give a bit more context, the Internet Engineering Task Force (IETF) is the premier Internet standards body, developing open standards through open processes. The IETF works on a broad range of networking technologies organized into IETF Areas. The IETF Security Area, with more than 20 active Working Groups, provides a focal point for security-related technical work.

< <https://blog.apnic.net/2021/03/15/which-rpki-related-rfcs-should-you-read/> https://blog.apnic.net/2021/03/15/which-rpki-related-rfcs-should-you-read/>

 

Why Cisco Joined the Confidential Computing Consortium

... The good news is progress is being made. One place to look is the IETF’s Remote Attestation Working Group. In this venue, architectures for such specifications are nearing completion. But neither the IETF nor other traditional standards bodies have yet to float specific protocol proposals. Implementers only have access to a set of vendor-driven proposals. And each of these proposals has been framed upon the assumptions underlying a vendor’s specific TEE chipset.

< <https://blogs.cisco.com/networking/why-cisco-joined-the-confidential-computing-consortium> https://blogs.cisco.com/networking/why-cisco-joined-the-confidential-computing-consortium>

 

IETF wendet sich gegen unerwünschte Konzentration im Internet [IETF turns against unwanted concentration on the Internet]

Je mehr Dienste die wenigen großen Konzerne selbst abwickeln, desto anfälliger wird das Internet. Die IETF findet: Dagegen muss etwas getan werden.

< <https://www.heise.de/news/IETF-wendet-sich-gegen-unerwuenschte-Konzentration-im-Internet-5991490.html> https://www.heise.de/news/IETF-wendet-sich-gegen-unerwuenschte-Konzentration-im-Internet-5991490.html>

 

How to use standards contribution data to understand SEP portfolios

Standards consortia such as 3GPP, IEEE, JVT (AVC), JCT-VC (HEVC), JVET (VVC) and IETF are contribution based, which means that member companies submit technical proposals for inclusion in the standard. Alternative solutions are often proposed by several members. These competing proposals are either rejected or approved by all members.

< <https://www.iam-media.com/how-use-standards-contribution-data-understand-sep-portfolios> https://www.iam-media.com/how-use-standards-contribution-data-understand-sep-portfolios>

 

Verso un mondo cyber-fisico? Com’è iniziato e cosa sta accadendo [Towards a cyber-physical world? How it started and what's happening]

... L’équipe dei fondatori di Internet, con la leadership del carismatico Vinton Cerf, ha iniziato fin dagli anni ’80 a pensare in merito a come “istituzionalizzare” la loro funzione nell’electronic world che hanno contribuito a creare. Essi, infatti, creano nel 1986 l’Internet Engineering Task Force (IETF), organismo preposto alla fissazione degli standard per il funzionamento di Internet e ispirato ad una peculiare visione di democrazia auto-diretta, quasi anarchica, in quanto sono “the masters of a metaverse” e l’IETF “constitutes a radical social phenomenon” (Borsook, 1995).

< <https://www.agendadigitale.eu/cultura-digitale/dal-cyberspace-al-cyber-pysical-world-come-iniziato-e-cosa-sta-accadendo/> https://www.agendadigitale.eu/cultura-digitale/dal-cyberspace-al-cyber-pysical-world-come-iniziato-e-cosa-sta-accadendo/>

 

首个IETF国密标准正式发布，加速国密算法应用进程 [The first IETF national secret standard was officially released to speed up the application of national secret algorithm]

近日，《商密算法在TLS 1.3中的应用》标准（RFC 8998）在IETF发布，将国密算法应用到TLS（传输层安全协议） 1.3中。这也是我国首次正式将国密算法推进到IETF国际标准中，使得我国的国密算法第⼀次在TLS协议中被认可使⽤⽽⽆需担⼼互操作性和冲突问题。本标准的发布也将大力促进我国商用密码算法在行业内的应用。

< <https://www.sohu.com/a/455898275_99940985> https://www.sohu.com/a/455898275_99940985>

 

**********************

SECURITY & PRIVACY

**********************

DDoS's Evolution Doesn't Require a Security Evolution

DDoS attacks that take down online systems are nearly as old as the public Internet. But over the years, they have morphed and evolved into larger and more destructive forms — increasingly focused on monetization. Today, as organizations expand partnerships and supply chains — and with employees working from home due to the pandemic — the stakes are higher than ever.

< <https://www.darkreading.com/edge/theedge/ddoss-evolution-doesnt-require-a-security-evolution/b/d-id/1340410> https://www.darkreading.com/edge/theedge/ddoss-evolution-doesnt-require-a-security-evolution/b/d-id/1340410>

 

NSA, CISA Promote Domain Name System Incorporating Threat Information

Federal cybersecurity agencies outlined the benefits and risks of using services that assimilate information on threats into the system that routes users through the internet to help avoid visits to malware-ridden websites.

< <https://www.nextgov.com/cybersecurity/2021/03/nsa-cisa-promote-domain-name-system-incorporating-threat-information/172688/> https://www.nextgov.com/cybersecurity/2021/03/nsa-cisa-promote-domain-name-system-incorporating-threat-information/172688/>

 

NSA and CISA Release Cybersecurity Information on Protective DNS

The National Security Agency and Cybersecurity and Infrastructure Security Agency (CISA) released a cybersecurity information sheet, “Selecting a Protective DNS Service” on Thursday. This publication details the benefits of using a Protective Domain Name System (PDNS), which criteria to consider when selecting a PDNS provider, and how to effectively implement PDNS.

< <https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2523771/nsa-and-cisa-release-cybersecurity-information-on-protective-dns/> https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2523771/nsa-and-cisa-release-cybersecurity-information-on-protective-dns/>

 

International cooperation: EU, Japan and the US in joint cybersecurity training

The EU, US and Japan organised a week-long cybersecurity training for experts from partner countries in the Indo-Pacific region from March 8th to 12th.

< <https://ec.europa.eu/digital-single-market/en/news/international-cooperation-eu-japan-and-us-joint-cybersecurity-training> https://ec.europa.eu/digital-single-market/en/news/international-cooperation-eu-japan-and-us-joint-cybersecurity-training>

 

Cybersecurity: Council adopts conclusions on the EU's cybersecurity strategy

The Council today adopted conclusions on the EU's cybersecurity strategy for the digital decade. This strategy was presented by the Commission and the high representative for foreign affairs in December 2020. It outlines the framework for EU action to protect EU citizens and businesses from cyber threats, promote secure information systems and protect a global, open, free and secure cyberspace.

< <https://www.consilium.europa.eu/en/press/press-releases/2021/03/22/cybersecurity-council-adopts-conclusions-on-the-eu-s-cybersecurity-strategy/> https://www.consilium.europa.eu/en/press/press-releases/2021/03/22/cybersecurity-council-adopts-conclusions-on-the-eu-s-cybersecurity-strategy/>

 

Technology and science move to the heart of UK security

National power will be defined not by the number of tanks and ships a country possesses but by its science and technology, and the quality of its algorithms. That is the message of the UK's Integrated Review, which says the government's aim is for the country to become an innovation "superpower" by 2030.

< <https://www.bbc.com/news/technology-56421662> https://www.bbc.com/news/technology-56421662>

 

Illuminating Signposts and Guidelines for a More Secure Internet

Last month Farsight Security CEO Dr. Paul Vixie addressed the UK Cyber 9/12 Strategy Challenge attendees via keynote as well as by letter. The UK Cyber 9/12 Strategy Challenge is designed to identify and foster the next generation of policy and strategy leaders for the cybersecurity challenges of the future. Hosted by the Atlantic Council’s Cyber Statecraft Initiative, the Cyber 9/12 Strategy Challenge is a global cyberpolicy and strategy competition. We are re-publishing Dr. Vixie's inspirational letter below.

< <https://www.farsightsecurity.com/blog/long-view/commencement-20210317/> https://www.farsightsecurity.com/blog/long-view/commencement-20210317/>

 

Cybersecurity Report: “Smart Farms” Are Hackable Farms

Net- and IoT-connected agriculture could help feed 8.5 billion by 2030—but also may be broadly vulnerable to cybersecurity threats

< <https://spectrum.ieee.org/riskfactor/telecom/security/cybersecurity-report-how-smart-farming-can-be-hacked> https://spectrum.ieee.org/riskfactor/telecom/security/cybersecurity-report-how-smart-farming-can-be-hacked>

 

Network security standards

Ericsson joins with leading players across sectors such as ICT, transport, media, and academia, to drive and develop an industry-wide framework of common standards and together provide a strong baseline for seamless interoperability and secure evolution of the world’s mobile networks.

< <https://www.ericsson.com/en/future-technologies/standardization/network-security-standards> https://www.ericsson.com/en/future-technologies/standardization/network-security-standards>

 

Dirt Cheap DDoS for Hire, via D/TLS Amplification 

Who discovered it? Netscout’s Roland Dobbins, Steinthor Bjarnason, Michele DiDedda, Jon Belanger and Chris Conrad compiled this “Threat Summary”: While an anti-spoofing mechanism was designed into D/TLS from the outset, it was described in the relevant IETF RFCs as ‘may’, rather than ‘must’ in terms of implementation requirements. As a result, some D/TLS implementations do not leverage this anti-spoofing mechanism by default.

< <https://securityboulevard.com/2021/03/dirt-cheap-ddos-for-hire-via-d-tls-amplification/> https://securityboulevard.com/2021/03/dirt-cheap-ddos-for-hire-via-d-tls-amplification/>

 

**********************

INTERNET OF THINGS

**********************

New ITU standards optimize transport networks support for IMT-2020/5G

ITU has standardized a new technology optimizing the metro transport network to support IMT-2020/5G with carrier-class Ethernet. The new transport technology targets the transport of traffic from distributed and centralized radio access networks, providing the full range of operations, administration and management (OAM) capabilities required by carriers.

< <https://www.itu.int/en/myitu/News/2021/03/15/12/36/New-ITU-standards-optimize-transport-networks-support-for-5G> https://www.itu.int/en/myitu/News/2021/03/15/12/36/New-ITU-standards-optimize-transport-networks-support-for-5G>

 

ITU standards enhance capabilities of the Optical Transport Network

The latest updates to the ITU G.709 series enhance the Optical Transport Network (OTN) with new capabilities including an option for stronger forward error correction (FEC) for long-reach interfaces and additional security for short-reach interfaces.

< <https://www.itu.int/en/myitu/News/2021/03/15/12/18/ITU-standards-enhance-capabilities-of-the-Optical-Transport-Network> https://www.itu.int/en/myitu/News/2021/03/15/12/18/ITU-standards-enhance-capabilities-of-the-Optical-Transport-Network>

 

Your insecure Internet of Things devices are putting everyone at risk of attack

IoT devices are becoming more and more popular but many of the products people are installing don't come with adaquate security - and that's something cyber criminals can take advantage of.

< <https://www.zdnet.com/article/your-insecure-internet-of-things-devices-are-putting-everyone-at-risk-of-attack/> https://www.zdnet.com/article/your-insecure-internet-of-things-devices-are-putting-everyone-at-risk-of-attack/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Setting the standards for autonomous driving

Ahead of next week’s Symposium on the Future Networked Car, ITU News caught up with Chaesub Lee, Director of the ITU Telecommunication Standardization Bureau, to learn more about the need for international standards to driving digital transformation in the automotive industry.

< <https://www.itu.int/en/myitu/News/2021/03/19/03/06/Setting-the-standards-for-autonomous-driving> https://www.itu.int/en/myitu/News/2021/03/19/03/06/Setting-the-standards-for-autonomous-driving>

 

Standards bodies to coordinate contributions to quantum information technology

Experts in quantum information technology and standardization are set to convene next week to discuss modes of cooperation capable of ensuring harmonized standards development.

< <https://www.itu.int/en/myitu/News/2021/03/17/12/52/Standards-bodies-to-coordinate-contributions-to-quantum-information-technology> https://www.itu.int/en/myitu/News/2021/03/17/12/52/Standards-bodies-to-coordinate-contributions-to-quantum-information-technology>

 

EU official: Road digitalisation will lead to safer and greener highways

Intelligent Transport Systems have the potential to increase road safety and efficiency, cutting emissions and saving lives, says Pierpaolo Tona.

< <https://www.euractiv.com/section/road-safety/interview/eu-official-road-digitalisation-will-lead-to-safer-and-greener-highways/> https://www.euractiv.com/section/road-safety/interview/eu-official-road-digitalisation-will-lead-to-safer-and-greener-highways/>

 

Digital collaboration to build back better by Houlin Zhao, ITU Secretary-General with Professor Jeffrey Sachs and members of The Lancet COVID-19 Commission

Digital technologies and services have proved essential since the start of the COVID-19 pandemic. We owe this in large part to the two phases of the World Summit on the Information Society (WSIS), organized in 2003 and 2005 by ITU on behalf of the UN family, which laid out the foundations for the remarkable development of information and communication technology (ICT) that we have witnessed over the past two decades.

< <https://www.itu.int/en/myitu/News/2021/03/19/11/41/Digital-collaboration-Lancet-COVID-19-Commission-Houlin-Zhao> https://www.itu.int/en/myitu/News/2021/03/19/11/41/Digital-collaboration-Lancet-COVID-19-Commission-Houlin-Zhao>

 

Digital Day 2021: Europe to reinforce internet connectivity with global partners

At Digital Day 2021, 25 Member States committed to reinforcing internet connectivity between Europe and its partners in Africa, Asia, the European neighbourhood, the Western Balkans and Latin America, by signing the Declaration on “European Data Gateways as a key element of the EU’s Digital Decade”.

< <https://ec.europa.eu/digital-single-market/en/news/digital-day-2021-europe-reinforce-internet-connectivity-global-partners> https://ec.europa.eu/digital-single-market/en/news/digital-day-2021-europe-reinforce-internet-connectivity-global-partners>

 

Digital Day 2021: EU countries commit to key digital initiatives for Europe's Digital Decade

Today, at the online Digital Day 2021, Ministers representing EU Member States signed three Declarations to pool efforts and resources to promote international connectivity, incentivise the rollout of clean digital technologies and improve the regulatory environment for start-ups and scale-ups. These tangible commitments will help accelerate Europe’s green and digital transformation and will contribute to the vision and goals of Europe's Digital Decade.

< <https://ec.europa.eu/digital-single-market/en/news/digital-day-2021-eu-countries-commit-key-digital-initiatives-europes-digital-decade> https://ec.europa.eu/digital-single-market/en/news/digital-day-2021-eu-countries-commit-key-digital-initiatives-europes-digital-decade>

 

EU states to commit to ‘digital declarations’ to foster green, startup-friendly future 

EU nations will on Friday (19 March) sign off on a series of declarations designed to ensure the bloc can build a sustainable, sovereign, and competitive future in its digital transition, documents obtained by EURACTIV reveal.

< <https://www.euractiv.com/section/digital/news/eu-states-to-commit-to-digital-declarations-to-foster-green-startup-friendly-future/> https://www.euractiv.com/section/digital/news/eu-states-to-commit-to-digital-declarations-to-foster-green-startup-friendly-future/>

 

Digital Day 2021: EU countries commit to key digital initiatives for Europe's Digital Decade

Today, at the online Digital Day 2021, Ministers representing EU Member States signed three Declarations to pool efforts and resources to promote international connectivity, incentivise the rollout of clean digital technologies and improve the regulatory environment for start-ups and scale-ups. These tangible commitments will help accelerate Europe's green and digital transformation and will contribute to the vision and goals of Europe's Digital Decade.

< <https://ec.europa.eu/commission/presscorner/detail/en/ip_21_1186> https://ec.europa.eu/commission/presscorner/detail/en/ip_21_1186>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home