[Newsclips] IETF SYN-ACK Newspack 2022-11-07

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Text: Jointly Build a Community with a Shared Future in Cyberspace

The internet is an important human achievement and a symbol of the arrival of the information age. As a new round of technological revolution and industrial transformation accelerates, the internet has turned the world into a global village, and the international community is becoming more and more interconnected, with a shared future becoming more apparent. It is the responsibility of all of humanity to develop, use, and manage the internet well and make it more beneficial to mankind. ... China has actively participated in the operation of global internet organizations. It has actively participated in the activities of platforms and organizations such as the Internet Corporation for Assigned Names and Numbers (ICANN). It has supported reform of the ICANN governance mechanism to increase the representation of developing countries, and to bring more internet information resources under concerted global management. China has also participated in the activities of the Internet Society (ISOC), IETF, and Internet Architecture Board (IAB). It has played a constructive role in facilitating community exchange, promoting technical R&D and application, and becoming closely involved in the formulation of relevant standards and rules.

< <https://global.chinadaily.com.cn/a/202211/07/WS63687246a3105ca1f2274748.html> https://global.chinadaily.com.cn/a/202211/07/WS63687246a3105ca1f2274748.html>

 

IAB Report to the Community for IETF 115

This is the IAB report for the period between IETF 114 and IETF 115. This report presents a summary of activities.

< <https://www.iab.org/2022/11/04/iab-report-to-the-community-for-ietf-115/> https://www.iab.org/2022/11/04/iab-report-to-the-community-for-ietf-115/>

 

Internet Governance in the IETF

In this video, you will learn how Internet governance works in the IETF. This video is part of the RIPE NCC's Internet Governance E-learning Course.

< <https://www.youtube.com/watch?v=8mUxcSbPw7g> https://www.youtube.com/watch?v=8mUxcSbPw7g>

 

Going dark

I’d like to reflect on a presentation by Paul Vixie at the October 2022 meeting of the North American Network Operators Group (NANOG 86), on the topic of the shift to pervasive encryption of application transactions on the Internet today. ... As Paul observed, several decades of unapologetic abuse by the powerful have led the IETF to reform the basic Internet protocol suite to integrate end-to-end privacy in their basic operation. There is the Transport Layer Security protocol with Encrypted Client Hello, DNS over HTTPS, and the replacement of TCP by the QUIC protocol.

< <https://www.potaroo.net/ispcol/2022-11/dark.html> https://www.potaroo.net/ispcol/2022-11/dark.html>

< <https://blog.apnic.net/2022/11/04/opinion-going-dark/> https://blog.apnic.net/2022/11/04/opinion-going-dark/>

< <https://circleid.com/posts/20221104-going-dark-how-the-increasingly-dark-network-is-creating-some-pretty-ugly-choices-for-site-security-administrators> https://circleid.com/posts/20221104-going-dark-how-the-increasingly-dark-network-is-creating-some-pretty-ugly-choices-for-site-security-administrators>

 

The new CIO security priority: Your software supply chain

... There are numerous cross-industry projects, including NIST’s National Initiative for Improving Cybersecurity in Supply Chains (NIICS), the Supply Chain Integrity, Transparency, and Trust (SCITT) initiative from Microsoft and other IETF members, as well as the OpenSSF Supply Chain Integrity Working Group.

< <https://www.cio.com/article/410904/the-new-cio-security-priority-your-software-supply-chain.html> https://www.cio.com/article/410904/the-new-cio-security-priority-your-software-supply-chain.html>

 

The Modern Encryption Debate: What’s at Stake?

... 2014: The internet tech community push towards better security: In 2014, the IETF published the RFC 7258 entitled “Pervasive monitoring is an attack”.

< <https://circleid.com/posts/20221102-the-modern-encryption-debate-whats-at-stake> https://circleid.com/posts/20221102-the-modern-encryption-debate-whats-at-stake>

 

TLS 1.0/1.1は使用禁止に　開発者は対策が急務 [TLS 1.0/1.1 banned, developers urgently need countermeasures]

... SSLは業界標準（デファクトスタンダード）として広く使われていたが、IETF▼が定めたいわゆるインターネット標準▼ではない。SSLの仕様はインターネットドラフト▼として公開され、それを基に各社はSSLを実装していた。 

< <https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/101800147/101800001/> https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/101800147/101800001/>

 

UCLA电子与计算机工程系田园老师课题组招收博士生 [UCLA's Department of Electrical and Computer Engineering Pastoral Teacher Research Group recruits doctoral students]

... 田园老师及其研究团队的工作目前已集成到各种平台 (例如 Android,Chrome,Facebook,Azure) 中, 还影响了 Internet 工程任务组 (IETF) 等标准组织的安全建议。她曾获得 2021 年谷歌学者奖，2021 年脸书研究奖，2020 年美国自然科学基金委员会杰出青年奖，2019 年亚马逊研究奖等。她的研究发表于机器学习 (NeurIPS, ICML, AAAI)，安全的顶级会议 (Oakland, Usenix Security, CCS, NDSS) 之外， 也多次发表于系统 (Ubicomp, WWW)的顶级会议中。她的项目也被 IEEE 综览，福布斯，有线杂志和电讯报等媒体多次报道。

< <http://5g.dizo.com.cn/zhpd/20221103/0359624.html> http://5g.dizo.com.cn/zhpd/20221103/0359624.html>

 

IETF专家为您剖析“如何实现IP网络切片？ [IETF experts will give you an analysis of "How to implement IP network slicing?"]

< <https://www.bilibili.com/video/BV1VG4y1x71f/?from=search> https://www.bilibili.com/video/BV1VG4y1x71f/?from=search>

 

탈중앙화 신원증명 DID가 온라인 개인정보보호에 미칠 영향 [How decentralized identity DID will affect online privacy]

... 탈중앙화된 디지털 신원증명 프로토콜의 초기 버전 중 하나는 UUID(Universally Unique Identifier, 범용 고유 식별자)로, GUID(Globally Unique Identifier, 전역 고유 식별자)라고도 불린다. 이 프로토콜은 1980년대에 발전해 오픈 소프트웨어 재단(Open Software Foundation)에 의해 표준화되었으며, 이어서 2005년 IETF RFC 4122에 의해 표준화됐다.

< <https://www.blockchaintoday.co.kr/news/articleView.html?idxno=25174> https://www.blockchaintoday.co.kr/news/articleView.html?idxno=25174>

 

**********************

SECURITY & PRIVACY

**********************

ICANN Calls for Volunteers to Plan for Changing the Root Zone DNSSEC Algorithm

ICANN is calling for volunteers to join a design team that will develop a plan for changing the cryptographic algorithm used for the DNS root key signing key and zone signing key.

< <https://www.icann.org/en/announcements/details/icann-calls-for-volunteers-to-plan-for-changing-the-root-zone-dnssec-algorithm-03-11-2022-en> https://www.icann.org/en/announcements/details/icann-calls-for-volunteers-to-plan-for-changing-the-root-zone-dnssec-algorithm-03-11-2022-en>

 

IANA Root KSK Ceremony 47

< <https://www.youtube.com/watch?v=YrV_P9xjHc8> https://www.youtube.com/watch?v=YrV_P9xjHc8>

 

How user experience and behavioural science can guide smart cybersecurity

Society needs to be equipped to defend against cyber attacks. More than at any time in our history, cyber criminals, hostile nation states and other malicious actors have access to sophisticated technology that can disrupt the operations of critical infrastructure, businesses, governments and the daily lives of people throughout the world.

< <https://www.weforum.org/agenda/2022/11/how-user-experience-and-behavioural-science-can-guide-smart-cybersecurity/> https://www.weforum.org/agenda/2022/11/how-user-experience-and-behavioural-science-can-guide-smart-cybersecurity/>

 

Cyber Threat to Electric Vehicle Charging Points Could Put the Brakes on Adoption

Governments around the world are pushing the move to greener technologies to combat climate change and reduce their reliance on hydrocarbons. Norway has built a network of 17,000 charging points, while the US Department of Transportation recently announced a $5B plan to create a new network of EV charging stations. However, while automotive companies are ramping up production of new electric vehicles, the industry is not doing enough to deal with cybersecurity concerns around, what are essentially, IoT devices.

< <https://blog.checkpoint.com/2022/11/02/cyber-threat-to-electric-vehicle-charging-points-could-put-the-brakes-on-adoption/> https://blog.checkpoint.com/2022/11/02/cyber-threat-to-electric-vehicle-charging-points-could-put-the-brakes-on-adoption/>

 

DNSAI Newsletter November 2022

We launched our DNS Abuse Intelligence initiative in September, and we’re now pleased to give it a name: DNSAI Compass. The next iteration of our Compass reporting is now published, and our interactive charts have been updated to include one more month of data. You can also read our full methodology in our first report published in September. Our intention is to establish a credible source of metrics for measuring and addressing DNS Abuse. We hope this will enable focused conversations, and identify opportunities for reducing abuse across the DNS ecosystem. Please contact us if you’d like to learn more.

< <https://dnsabuseinstitute.org/dnsai-newsletter-november-2022/> https://dnsabuseinstitute.org/dnsai-newsletter-november-2022/>

 

IGF Open Forum on Strengthening Multistakeholder Collaboration on DNS Abuse

The Internet & Jurisdiction Policy Network will organize an Open Forum on “Strengthening Multistakeholder Collaboration on DNS Abuse” on Wednesday, November 30, 2022, from 9:30am to 10:30am EAT at the IGF taking place in hybrid format in Addis Ababa, Ethiopia.

< <https://www.internetjurisdiction.net/event/igf-strengthening-multistakeholder-collaboration-on-dns-abuse> https://www.internetjurisdiction.net/event/igf-strengthening-multistakeholder-collaboration-on-dns-abuse>

 

How user experience and behavioural science can guide smart cybersecurity

Society needs to be equipped to defend against cyber attacks. More than at any time in our history, cyber criminals, hostile nation states and other malicious actors have access to sophisticated technology that can disrupt the operations of critical infrastructure, businesses, governments and the daily lives of people throughout the world.

< <https://www.weforum.org/agenda/2022/11/how-user-experience-and-behavioural-science-can-guide-smart-cybersecurity/> https://www.weforum.org/agenda/2022/11/how-user-experience-and-behavioural-science-can-guide-smart-cybersecurity/>

 

Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression

On February 23, 2022, the cybersecurity world entered a new age, the age of the hybrid war, as Russia launched both physical and digital attacks against Ukraine. This year’s Microsoft Digital Defense Report provides new detail on these attacks and on increasing cyber aggression coming from authoritarian leaders around the world.

< <https://blogs.microsoft.com/on-the-issues/2022/11/04/microsoft-digital-defense-report-2022-ukraine/> https://blogs.microsoft.com/on-the-issues/2022/11/04/microsoft-digital-defense-report-2022-ukraine/>

 

Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape

With the geopolitical context giving rise to cyberwarfare and hacktivism, alarming cyber operations and malignant cyberattacks have altered the trends of the 10th edition of the Threat Landscape report released today by the European Union Agency for Cybersecurity (ENISA).

< <https://www.enisa.europa.eu/news/volatile-geopolitics-shake-the-trends-of-the-2022-cybersecurity-threat-landscape> https://www.enisa.europa.eu/news/volatile-geopolitics-shake-the-trends-of-the-2022-cybersecurity-threat-landscape>

 

EU countries lay bare Europe’s limits in securing critical infrastructure

National governments have opposed several fundamental parts of the European Commission’s plan to strengthen the resilience of critical infrastructure.

< <https://www.euractiv.com/section/digital/news/eu-countries-lay-bare-europes-limits-in-securing-critical-infrastructure/> https://www.euractiv.com/section/digital/news/eu-countries-lay-bare-europes-limits-in-securing-critical-infrastructure/>

 

us: CISA Applauds the Beginning of Infrastructure Security Month Declaring Infrastructure Security is National Security

Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced November 1 as the kickoff of Infrastructure Security Month. In our work to raise awareness of the importance of infrastructure security and to help share CISA’s extensive resources with critical infrastructure owners and operators, this year’s theme is Infrastructure Security is National Security: Drive Down Risk, Build Resilience.

< <https://www.cisa.gov/news/2022/11/01/cisa-applauds-beginning-infrastructure-security-month-declaring-infrastructure> https://www.cisa.gov/news/2022/11/01/cisa-applauds-beginning-infrastructure-security-month-declaring-infrastructure>

 

us: A Proclamation on Critical Infrastructure Security and Resilience Month, 2022

This month, we recommit to improving the resilience of our Nation’s critical infrastructure so it can withstand all hazards — natural and manmade. By building better roads, bridges, and ports; fortifying our information technology and cybersecurity across sectors, including election systems; safeguarding our food and water sources; moving to clean energy; and strengthening all other critical infrastructure sectors, we will lay the foundation for long-term security and prosperity.

< <https://www.whitehouse.gov/briefing-room/presidential-actions/2022/10/31/a-proclamation-on-critical-infrastructure-security-and-resilience-month-2022/> https://www.whitehouse.gov/briefing-room/presidential-actions/2022/10/31/a-proclamation-on-critical-infrastructure-security-and-resilience-month-2022/>

 

U.S. Defence Department Announces Plans for a Secure Internet in Space

The Department of Defence (DOD) has signed agreements with four companies to help develop a space-based communications network of commercial and military satellites. The project hopes to use military and commercial satellites to transport data across a secure communication architecture, ultimately delivering it to military users.

< <https://www.gizmodo.com.au/2022/11/defence-department-announces-plans-for-a-secure-internet-in-space/> https://www.gizmodo.com.au/2022/11/defence-department-announces-plans-for-a-secure-internet-in-space/>

 

UNITAR and NCA cooperate for the Global Cyber Security Forum

As the world becomes increasingly digitalized, with new disruptive technologies, practices, and actors appearing throughout the globe, it has become essential for institutions, governments, and companies to protect their cyber spaces from hackers and other forms of malicious elements.

< <https://unitar.org/about/news-stories/news/unitar-and-nca-cooperate-global-cyber-security-forum> https://unitar.org/about/news-stories/news/unitar-and-nca-cooperate-global-cyber-security-forum>

 

**********************

INTERNET OF THINGS

**********************

Mobility Talk Munich: “Data drives mobility”

In focus: Digitalisation and data use as drivers of sustainable, innovative and multimodal mobility solutions. With exciting developments such as mobility hubs, real labs and other projects, Munich is showing how digitalisation and the use of data can play a central role in the transport revolution.

< <https://international.eco.de/news/mobility-talk-munich-data-drives-mobility/> https://international.eco.de/news/mobility-talk-munich-data-drives-mobility/>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Comparing TCP and QUIC

There is a common view out there that the Quick UDP Internet Connections (QUIC) transport protocol (RFC 9000) is just another refinement to the original Transmission Control Protocol (TCP) transport protocol (RFC 9293, RFC 793). I find it hard to agree with this sentiment, and for me, QUIC represents a significant shift in the set of transport capabilities available to applications in terms of communication privacy, session control integrity, and flexibility. QUIC embodies a different communications model that makes it intrinsically useful to many more forms of application behaviours. Oh, yes. It’s also faster than TCP!

< <https://www.potaroo.net/ispcol/2022-11/quicvtcp.html> https://www.potaroo.net/ispcol/2022-11/quicvtcp.html>

< <https://blog.apnic.net/2022/11/03/comparing-tcp-and-quic/> https://blog.apnic.net/2022/11/03/comparing-tcp-and-quic/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

One of the Biggest Problems in Regulating AI Is Agreeing on a Definition

In 2017, spurred by advocacy from civil society groups, the New York City Council created a task force to address the city’s growing use of artificial intelligence. But the task force quickly ran aground attempting to come to a consensus on the scope of “automated decision systems.” In one hearing, a city agency argued that the task force’s definition was so expansive that it might include simple calculations such as formulas in spreadsheets. By the end of its eighteen-month term, the task force’s ambitions had narrowed from addressing how the city uses automated decision systems to simply defining the types of systems that should be subject to oversight.

< <https://carnegieendowment.org/2022/10/06/one-of-biggest-problems-in-regulating-ai-is-agreeing-on-definition-pub-88100> https://carnegieendowment.org/2022/10/06/one-of-biggest-problems-in-regulating-ai-is-agreeing-on-definition-pub-88100>

 

Web inventor Tim Berners-Lee wants us to 'ignore' Web3: 'Web3 is not the web at all'

The creator of the web isn't sold on crypto visionaries' plan for its future and says we should "ignore" it. Tim Berners-Lee, the British computer scientist credited with inventing the World Wide Web in 1989, said Friday that he doesn't view blockchain as a viable solution for building the next iteration of the internet.

< <https://www.cnbc.com/2022/11/04/web-inventor-tim-berners-lee-wants-us-to-ignore-web3.html> https://www.cnbc.com/2022/11/04/web-inventor-tim-berners-lee-wants-us-to-ignore-web3.html>

< <https://www.msn.com/en-us/money/other/web-inventor-tim-berners-lee-wants-us-to-ignore-web3-web3-is-not-the-web-at-all/ar-AA13KeGS> https://www.msn.com/en-us/money/other/web-inventor-tim-berners-lee-wants-us-to-ignore-web3-web3-is-not-the-web-at-all/ar-AA13KeGS>

 

China’s Is Quietly Rewriting Rules That Run the World

So declared Olle Sturen in 1969. At the time, he headed the International Organization for Standardization (ISO), an institution that created the intermodal freight container (known as the twenty-foot equivalent unit), those ubiquitous metal boxes that utterly transformed global trade. A Swede who championed China’s entry into his Geneva-based organization in the 1970s, Sturen had an optimistic view of how the ISO’s work would bring the world together. It’s unlikely he would have envisioned how those standards would instead become a geo-strategic battleground between China and the West.

< <https://www.bloomberg.com/news/newsletters/2022-11-05/china-rewrites-the-rules-that-run-the-world-new-economy-saturday> https://www.bloomberg.com/news/newsletters/2022-11-05/china-rewrites-the-rules-that-run-the-world-new-economy-saturday>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home