[Newsclips] IETF SYN-ACK Newspack 2023-04-11

David Goldstein <david@goldsteinreport.com> Tue, 11 April 2023 11:58 UTC

From: David Goldstein <david@goldsteinreport.com>
To: newsclips@ietf.org
Date: Tue, 11 Apr 2023 21:57:56 +1000
Organization: Goldstein Report
Archived-At: <https://mailarchive.ietf.org/arch/msg/newsclips/aJ7pz7NTA21xO5G6p5AWkx0bcCM>
Subject: [Newsclips] IETF SYN-ACK Newspack 2023-04-11
List-Id: IETF News Clips <newsclips.ietf.org>

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

A quantum of (networking) solace

IETF 116 has just finished in Yokohama. A notable inclusion in this meeting, forming part of more than one Working Group and a keynote at Plenary, was the recurrent question of quantum networks — are they becoming real, are they coming, and are they coming soon? Well, depending on your perspective, there’s both good and bad news here.

<https://blog.apnic.net/2023/04/06/a-quantum-of-networking-solace/>

 

IPv6 architecture and subnetting guide for network engineers and operators

As networks continue to expand, the need for effective management of IPv6 is becoming increasingly important. This guide is designed for network engineers and operators who are already familiar with the fundamentals and concepts of IPv6 and are looking for a practical guide on implementing an IPv6 architecture and subnetting system. I take an in-depth look at the most efficient ways to ensure a sufficient and future-proofed IPv6 subnetting model on a per-site and per-network segment basis. ... NAT66 is no different from traditional NAT44, along with all the problems such as breaking Layer 4 (L4) protocols, forcing the need for an ALG, and the list goes on. The only difference is NAT66 supports IPv6 addressing. For this reason, the IETF came up with a new solution and method of ‘translation’ for IPv6 that is free from issues introduced by NAT, that is, IPv6-to-IPv6 Network Prefix Translation (NPTv6).

<https://blog.apnic.net/2023/04/04/ipv6-architecture-and-subnetting-guide-for-network-engineers-and-operators/>

 

Addressing Signaling Security in the Transition to 5G Networks

... Telecommunications signaling protocols are designed to control communications between endpoints and switching systems, essentially allowing for establishing and terminating a connection. Various protocols have been devised over the years for the different cellular generations, and those still in use today include Signaling System No. 7 (SS7) for 2G and 3G networks and Diameter for 4G. These are proprietary based protocols designed specifically for those cellular networks. With 5G networks, there is a drastic change in signaling, which will happen over the open network protocol HTTP used in the world wide web. Importantly, 5G networks will use the latest generation, HTTP/2, standardized in 2015 by the IETF.

<https://www.spiceworks.com/tech/networking/guest-article/improve-signaling-security-5g/>

 

Quality of Service Part 3: Implementing DSCP

... In QoS Part 1 I discussed the IETF RFC 2597 (Assured Forwarding) standard, which assigns a standardized meaning to certain DSCP values. That standard is really designed for routers and is most useful in applications where all of the traffic between sites is aggregated to a link, like building-to-building or campus-to-campus links.

<https://www.avnetwork.com/news/quality-of-service-part-3-implementing-dscp>

 

Does the internet have a gatekeeper?

... So with all this technology that is constantly changing and evolving, who actually controls the internet? The simple answer is no one. There isn’t a CEO or president of the internet. In fact, no one person, company, or government runs it. Instead, it is a decentralised network of networks, with many different organisations like ICANN, IETF, W3C, ISOC (Internet Society) playing important roles in its operation and management. While each of these entities has a role to play in the functioning of the internet, none can claim to be its ultimate ‘head’.

<https://kathmandupost.com/science-technology/2023/04/08/does-the-internet-have-a-gatekeeper>

 

IMAP vs. POP3: 4 Leading Differences You Should Know

... The IMAP specification is created in the form of a Request for Comments (RFC), essentially a memorandum explaining the implementation of the protocol adopted as a benchmark by the IETF.

<https://www.spiceworks.com/tech/tech-general/articles/imap-vs-pop3/>

 

First step towards messenger interoperability completed

After long work, the MLS encryption protocol is finished. It can secure group chats and is to be used to make messengers interoperable. However, further questions remain open for this, which an IETF working group intends to answer.

<https://background.tagesspiegel.de/digitalisierung/erster-schritt-zur-interoperabilitaet-von-messengern-geschafft>

 

The MLS end-to-end encryption protocol has now been standardized by the IETF

Messaging Layer Security (MLS) is a security layer for encrypting messages in groups ranging in size from two to many. News was released that the IETF committee, which develops the protocols and architecture of the Internet, approved publication of the MLS (Messaging Layer Security) standard, which defines a protocol for organizing end-to-end encryption in messaging applications.

<https://blog.desdelinux.net/el-protocolo-de-cifrado-de-extremo-a-extremo-de-mls-ya-fue-estandarizado-por-el-ietf/>

 

IETF standardizes the MLS end-to-end encryption protocol

The IETF committee, which is engaged in developing the protocols and architecture of the Internet, has approved publication of the MLS (Messaging Layer Security) standard, which defines a protocol for organizing end-to-end encryption in applications that exchange messages.

<https://forpost-sevastopol.ru/newsfull/422840/ietf-standartiziruet-protokol-skvoznogo-shifrovaniya-mls.html>

 

IETF issues Messaging Layer Security, a common standard for end-to-end encryption

The IETF has announced that it has endorsed the Messaging Layer Security (MLS) standard for end-to-end encrypted data transmission, which is popular among chat programs such as Signal. MLS, however, will open the way for apps that might previously have had to develop their own protocols to use a common protocol, as well as for other kinds of applications that are not chat.

<https://www.blognone.com/node/133337>

 

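Campus IPv6 address planning and management practices

... In February 2017, the IETF formally published RFC8064, replacing the EUI-64 mode with RFC7217; RFC7217 introduced a new stable, semantically opaque address generation scheme. In RFC7943, DHCPv6 defines a similar function for generating stable, opaque interface identifiers. Table 4 lists the generation functions of these two interface identifier mechanisms. The interface identifiers produced by these two methods can effectively reduce the risks of address correlation analysis and privacy mining that users face.

<https://www.edu.cn/xxh/ip6/202304/t20230403_2359541.shtml>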

 

**********************

SECURITY & PRIVACY

**********************

DNSAI Bulletin 2023-04: Account Take-Overs

The DNSAI has encountered multiple reports of an increase in account take-overs at retail registrars across the industry. This bulletin is intended to help registrars identify and prevent these attacks.

<https://dnsabuseinstitute.org/dnsai-bulletin-2023-04-account-take-overs/>

 

Applications Open for MANRS Mentors and Ambassadors Program

We’re happy to announce that applications are now open for this year’s MANRS Mentors and Ambassadors Program. Applications will close on 19 April, and the program will run for six months from 1 June until 1 December. Applications are available in the Internet Society Foundation’s online platform, which will require an account.

<https://www.manrs.org/2023/04/applications-open-for-manrs-mentors-and-ambassadors-program/>

 

Global DDoS-for-hire takedown

DDoS-for-hire systems are commonly known as ‘booters’ or ‘stressers’ in the Internet underground and security community. The term ‘booter’ derives from a common use-case for these services: To ‘boot’ a player out of a game by disrupting their connection, presumably allowing a competitive, attacking player to gain an advantage or deflate a target player’s ranking.

<https://blog.apnic.net/2023/04/07/global-ddos-for-hire-takedown/>

 

eu: Cyber Resilience Act: Leading MEP proposes flexible lifetime, narrower reporting

The EU lawmaker spearheading the Cyber Resilience Act has produced a draft report pitching the removal of time obligations for products’ lifetime and limiting the scope of reporting to significant incidents, among other significant changes. The Cyber Resilience Act is a draft law introducing cybersecurity requirements for Internet of Things products (IoT), connected devices that can exchange data. The European Parliament’s rapporteur Nicola Danti circulated his draft report, seen by EURACTIV, with the other political groups on Friday (31 March).

<https://www.euractiv.com/section/cybersecurity/news/cyber-resilience-act-leading-mep-proposes-flexible-lifetime-narrower-reporting/>

 

Security of DNS isn't be assured unless DNSSEC validation is enabled on the end user's client

The AD flag is used by (caching) DNS servers to indicate that they have validated the DNSSEC records. The idea is that the client doesn't then have to repeat the check.

<https://www.sidn.nl/en/news-and-blogs/security-of-dns-isnt-be-assured-unless-dnssec-validation-is-enabled-on-the-end-users-client>

 

U.S. National Cybersecurity Strategy and Its Impact on Domain Security

Last month, the U.S. National Cybersecurity Strategy was launched providing a new roadmap for stronger collaboration between those operating within the digital ecosystem. The strategy calls on software makers and American industry to take far greater responsibility to assure that their systems cannot be hacked, while accelerating efforts by the Federal Bureau of Investigation and the Defense Department to disrupt the activities of hackers and ransomware groups around the world.

<https://www.cscdbs.com/blog/u-s-national-cybersecurity-strategy-and-its-impact-on-domain-security/>

 

Strategising cybersecurity: Why a risk-based approach is key

By 2027, cybercrime could cost the global economy nearly $24 trillion. Businesses often find themselves at the sharp end of this challenge, and, as such, cybersecurity is a critical aspect of the modern business landscape. Cyber threats are multiplying and pose serious financial, legal and reputational challenges to organizations.

<https://www.weforum.org/agenda/2023/04/strategizing-cybersecurity-why-a-risk-based-approach-is-key/>

 

Cybersecurity: Why cyber security is critical to a successful energy transition

This is the decade when the pace of the energy transition is set. A 1.5 degrees Celsius future can be achieved with the massive scale-up of existing technologies, such as carbon capture and storage, electrification, hydrogen, batteries and renewables.

<https://worldoil.com/magazine/2023/march-2023/features/cybersecurity-why-cyber-security-is-critical-to-a-successful-energy-transition/>

 

Retailers must invest in cybersecurity as hackers put them in hot seat

The frequency of cyberattacks has been increasing since 2020, with notable attacks on JD Sports and WHSmith reported in Q1 2023, as widespread remote working that began in response to Covid-19 enabled hackers to easily target employees accessing corporate networks through VPNs, according to GlobalData’s Cybersecurity in Retail and Apparel 2022 report. However, security breaches remain a significant threat even though companies have improved their cybersecurity in response to these threats through investment in zero-trust network access (ZTNA), which enables secure access to internal applications for remote workers.

<https://www.retail-insight-network.com/comment/retailers-invest-cybersecurity-hackers/>

 

ICANN Webinar Series (MEA): KINDNS: A Framework to Improve Secured DNS Operations: 18 Apr

As part of the ICANN Webinar Series of the Middle East and Africa regions, the upcoming KINDNS: A Framework to Improve Secured DNS Operations webinar will be held virtually on Tuesday, 18 April 2023.

<https://features.icann.org/event/icann-organization/icann-webinar-series-mea-kindns-framework-improve-secured-dns-operations>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Why standardization will accelerate the development of non-terrestrial networks (Reader Forum)

The battle for market share for satellite connectivity, delivered by non-terrestrial networks (NTNs), is well underway, with satellite companies, telcos and handset vendors all vying for a position in this rapidly growing market. We’ve already seen pioneering moves from a number of high-profile names, with early partnerships beginning to form that will ultimately enable seamless 5G NTN connectivity to become a reality.

<https://www.rcrwireless.com/20230405/network-infrastructure/why-standardization-will-accelerate-the-development-of-non-terrestrial-networks-reader-forum>

 

Having a safer and more privacy-friendly Internet is finally possible

... In terms of confidentiality and security, everything is perfectly secured with end-to-end encryption via modern DNS protocols that are not vulnerable to eavesdropping and tampering by malicious (or compromised) network intermediaries, namely DNS-over-HTTPS, DNS-over-TLS, DNS-over-QUIC, DNS-over-HTTP/3 and DDR Encrypted Upgrade.

<https://www.generation-nt.com/actualites/service-dns-dns0-europeen-gratuit-2035058>

 

A first! French company Tixeo's videoconferencing adapts to the worst conditions thanks to the QUIC network layer

The French vendor announces that its videoconferencing solution now works with a new network layer to adapt to all network conditions, including the most extreme.

<https://www.solutions-numeriques.com/premiere-la-visio-du-francais-tixeo-sadapte-aux-conditions-les-plus-mauvaises-grace-a-la-couche-reseau-quic/>

 

TIXEO evolves its videoconferencing solution using the QUIC layer » Lettre économique et politique de PACA

Tixeo, a French vendor offering the only videoconferencing technology certified and qualified by ANSSI.

<https://news.dayfr.com/technology/1626800.html>

 

**********************

OTHERWISE NOTEWORTHY

**********************

10G: Future-ready cable networks: The world is poised for 10-gigabit networks, and advances in DOCSIS 4.0 solutions could bring us closer to this reality

The cable industry’s vision for delivering 10-gigabit networks, or 10G, was first introduced at the 2019 Consumer Electronics Show (CES). At that event, the National Cable and Television Association (NCTA); the not-for-profit research and development lab CableLabs, and Cable Europe outlined their vision for the future of global cable television networks. Now, DOCSIS 4.0 advances are facilitating the realisation of 10G for more users.

<https://www.fibre-systems.com/feature/10g-future-ready-cable-networks>

 

NIST fully retires the SHA-1 hash function

The US National Institute of Standards and Technology (NIST) has started the process of fully retiring the SHA-1 hash function. NIST retired SHA-1 from use in digital signatures (where the hash serves as a (cryptographically and statistically) unique summary) 10 years ago. Now the hash has also been retired from all other uses, including HMAC (authentication of messages on the basis of a shared key), random number generation and password hashing.

<https://www.sidn.nl/en/news-and-blogs/nist-fully-retires-the-sha-1-hash-function>

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home