[Newsclips] IETF SYN-ACK Newspack 2021-05-24

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

The IETF is not the ‘standards police’ by George Michaelson

“You can’t do that, the IETF said so” is something that nobody who actually knows the IETF would agree with. The problem is, outside of the IETF, a lot of people think this is how it works. Why do I bring this up, at this time? Well, a recent IETF draft has some rather unorthodox instructions, yet it makes an excellent point.

< <https://blog.apnic.net/2021/05/19/the-ietf-is-not-the-standards-police/> https://blog.apnic.net/2021/05/19/the-ietf-is-not-the-standards-police/>

 

A Primer in Registration Data Access Protocol (RDAP) Performance

Executive Summary: The DNS is essential to the overall functioning of the Internet. With millions of new domain names registered every year, it is important to have a mechanism that enables timely access to accurate details describing who has registered each domain. WHOIS has been the main communication protocol to query registration data for more than thirty-five years, however it presents several limitations such as lack of standardized query and response formats and inability to authenticate users. To overcome these limitations, in 2015, the IETF proposed a new protocol standardizing registration data access while supporting internationalized domain names (IDNs) and registration data, in addition to client authorization, and other features. Known as the Registration Data Access Protocol (RDAP), this new protocol enables access to registration data for current domain names, IP addresses, and Autonomous System Numbers (ASNs).This study investigates the performance of the RDAP services that have been deployed as it is an ICANN requirement that generic top-level domain (gTLD) registries and ICANN-accredited registrars must implement an RDAP service by the end of August 2019.

< <https://www.icann.org/en/system/files/files/octo-024-17may21-en.pdf> https://www.icann.org/en/system/files/files/octo-024-17may21-en.pdf>

 

OSCORE for IoT Security: Building Sustainable LPWAN Solutions, Part II

... Object Security for Constrained RESTful Environments (OSCORE) or RFC 8613 as the IETF calls it does some provides important benefits when compared to competing approaches:

< <https://www.iotforall.com/oscore-for-iot-security-building-sustainable-lpwan-solutions-part-ii> https://www.iotforall.com/oscore-for-iot-security-building-sustainable-lpwan-solutions-part-ii>

 

G7 And Technical Standards: Blink And You Might Have Missed The New Battleground

... Traditionally, governments have had a hands-off approach in the development and deployment of standards related to the Internet; their development was part of the consensus-based, community-driven process developed and nurtured by the IETF and their deployment was left to the market. A standard’s life has always depended on its utility and contribution to the evolution of the Internet.

< <https://www.techdirt.com/articles/20210517/09524046814/g7-technical-standards-blink-you-might-have-missed-new-battleground.shtml> https://www.techdirt.com/articles/20210517/09524046814/g7-technical-standards-blink-you-might-have-missed-new-battleground.shtml>

 

IAB Liaison Coordinator role established

The IAB has created a new Liaison Coordinator role as part of our effort to remodel our internal handling of our liaison oversight responsibility. With this effort, the IAB aims to maintain a better overview of all on-going liaison activities, to provide our liaison managers with better support, and be more actively involved when necessary as well as be able to react quickly as needed.

< <https://www.iab.org/2021/05/20/iab-liaison-coordinator-role-established/> https://www.iab.org/2021/05/20/iab-liaison-coordinator-role-established/>

 

Call for Feedback on Community Coordination Group Appointments

On behalf of the IETF, the IAB appoints three representatives to the Community Coordination Group (CCG), which provides advice and guidance to the IETF Trust in matters related to the IANA trademarks and the IANA domain names. The process for appointing these representatives is outlined in RFC 8090.

< <https://www.iab.org/2021/05/18/call-for-feedback-on-community-coordination-group-appointments/> https://www.iab.org/2021/05/18/call-for-feedback-on-community-coordination-group-appointments/>

 

Bluetooth: a viable solution for IoT? [Industry Perspectives]

Abstract: ... To achieve that, the Bluetooth Special Interest Group (SIG) introduced Bluetooth Low Energy (BLE), which was first specified in Bluetooth 4.0 [3] and further improved in Bluetooth 4.1 [4]. In addition, the Bluetooth stakeholders also expanded work on it, with the IETF working on the standardization effort of facilitating Bluetooth in exchanging IP packets.

< <https://ieeexplore.ieee.org/abstract/document/7000963> https://ieeexplore.ieee.org/abstract/document/7000963>

 

Future ready – how to map the four forces of disruption and succeed with business insights

Launched in 2012, YourStory's Book Review section features over 300 titles on creativity, innovation, entrepreneurship, and digital transformation. See also our related columns The Turning Point, Techie Tuesdays, and Storybites. ... tandards-setting, trade, cybersecurity, and big tech (FAANG) regulation are areas to closely monitor. Some standards are voluntary and industry-driven (e.g., GSMA, IETF, W3C, OASIS), others are mandated by government.

< <https://yourstory.com/2021/05/future-technology-innovation-disruption-business/amp> https://yourstory.com/2021/05/future-technology-innovation-disruption-business/amp>

 

112. IETF-Treffen im Herbst in Madrid wieder als Präsenzveranstaltung [112th IETF meeting in Madrid in autumn again as a face-to-face event]

Die IETF plant ihr 112. Treffen für November 2021 als Präsenzveranstaltung in Madrid. Seit ihrem 108. Treffen im Juli 2020, das in Madrid hätte stattfinden sollen, fanden alle Treffen nur online statt. Für November 2021 hingegen ist wieder ein Vorort-Treffen und wieder in Madrid angesetzt.

< <https://domain-recht.de/domain-events/sonstige-events/november-2021-112-ietf-treffen-im-herbst-in-madrid-wieder-als-praesenzveranstaltung-67917.html> https://domain-recht.de/domain-events/sonstige-events/november-2021-112-ietf-treffen-im-herbst-in-madrid-wieder-als-praesenzveranstaltung-67917.html>

 

Was ist die IETF? [What is the IETF?]

Die Internet Engineering Task Force, kurz IETF, widmet sich der Weiterentwicklung und der Optimierung des Internets. Die international agierende Arbeitsgruppe ist in sieben thematische Bereiche aufgeteilt.

< <https://www.dev-insider.de/was-ist-die-ietf-a-1013883/> https://www.dev-insider.de/was-ist-die-ietf-a-1013883/>

 

Capítulo português da Internet Society faz diagnóstico da adopção de normas de segurança na internet portuguesa [Portuguese chapter of the Internet Society diagnoses the adoption of security standards on the Portuguese internet ]

O Capítulo Português da Internet Society acabou de publicar o Primeiro Diagnóstico do Estado da Adopção de Normas de Segurança na Internet Portuguesa que dá uma panorâmica do progresso de adopção dessas normas, definidas pela IETF, por diversos sectores da Internet portuguesa.

< <https://www.securitymagazine.pt/2021/05/18/capitulo-portugues-da-internet-society-faz-diagnostico-da-adopcao-de-normas-de-seguranca-na-internet-portuguesa/> https://www.securitymagazine.pt/2021/05/18/capitulo-portugues-da-internet-society-faz-diagnostico-da-adopcao-de-normas-de-seguranca-na-internet-portuguesa/>

 

Web Gerçek Zamanlı İletişimi (WebRTC) Nedir? Nerelerde Kullanılır? [What is Web Real-Time Communication (WebRTC)? Where is it used?]

WebRTC ( Web Gerçek Zamanlı İletişimi ), web tarayıcılarına ve mobil uygulamalara basit uygulama geliştirme arayüzü (API’ler) aracılığıyla gerçek zamanlı iletişim (RTC) sağlayan ücretsiz, açık kaynaklı bir projedir. Direkt olarak eşler arası iletişime izin vermesi ile, eklenti yükleme veya uygulama indirme ihtiyacını ortadan kaldırarak, ses ve video iletişiminin web sayfalarında kolaylıkla kullanılmasını sağlar. Apple, Google, Microsoft, Mozilla ve Opera tarafından desteklenen WebRTC, World Wide Web Konsorsiyumu (W3C) ve İnternet Mühendisliği Görev Gücü (IETF) aracılığıyla standartlaştırılmaktadır.

< <https://www.teknovudu.com/web-gercek-zamanli-iletisimi-webrtc-nedir-nerelerde-kullanilir/> https://www.teknovudu.com/web-gercek-zamanli-iletisimi-webrtc-nedir-nerelerde-kullanilir/>

 

WebRTCは開始から10年後に公式のWeb標準へ [WebRTC to become official web standard 10 years after its insocim]

Web Real-Time Communications（WebRTC）は、最近、World Wide Web Consortium（W3C）の推奨およびインターネット技術特別調査委員会（IETF）の標準になった。これは、WebRTCの長い道のりの主要なマイルストーンである。これは、Googleが主要な通信技術をオープンソース化し、エリクソンがConnectionPeer APIを実装することで、2011年に始まった。WebRTCワーキンググループがWebRTC Working Group strives to integrate 新しいユースケース（オーディオフィードとビデオフィードのライブ処理、モノのインターネットのユースケースなど）の統合に努めると共に、この新しい標準は進化し続ける。

< <https://www.infoq.com/jp/news/2021/05/webrtc-official-web-standard/> https://www.infoq.com/jp/news/2021/05/webrtc-official-web-standard/>

 

豫见517 | 中国通信学会滕伟：不断升级演进，打造高质量承载网 [See 517 | Teng Wei, China Communications Society: Continuously upgrade evolution to create a high-quality carrier network]

... 目前产业界各方已在5G承载领域展开了积极部署。从标准组织来看，ITU-T、IEEE802.1和IETF等多个国际标准化组织正分别开展L1-L3的确定性承载技术标准研究和定制；我国CCSA、IMT-2020（5G）推进组下属5G承载工作组等多个组织也都在积极开展5G承载相关技术标准和产业应用研究。从运营商、设备商、芯片模块、测试厂商来看，各大厂商已针对5G时代下的承载网，进行了创新性的探索。

< <https://finance.sina.com.cn/tech/2021-05-21/doc-ikmyaawc6712810.shtml> https://finance.sina.com.cn/tech/2021-05-21/doc-ikmyaawc6712810.shtml>

 

**********************

SECURITY & PRIVACY

**********************

EU Member States test rapid Cyber Crisis Management

CySOPEx 2021 is testing for the first time today the procedures for prompt and effective cyber crisis management in the EU to face large-scale, cross border cyber-attacks. 

< <https://www.enisa.europa.eu/news/enisa-news/eu-member-states-test-rapid-cyber-crisis-management> https://www.enisa.europa.eu/news/enisa-news/eu-member-states-test-rapid-cyber-crisis-management>

 

ETSI releases Mitigation Strategy Report on Securing Artificial Intelligence

ETSI has recently released ETSI GR SAI 005, a report which summarizes and analyses existing and potential mitigation against threats for AI-based systems. Setting a baseline for a common understanding of relevant AI cyber security threats and mitigations will be key for widespread deployment and acceptance of AI systems and applications. This report sheds light on the available methods for securing AI-based systems by mitigating known or potential security threats identified in the recent ENISA threat landscape publication and ETSI GR SAI 004 Problem Statement Report. It also addresses security capabilities, challenges, and limitations when adopting mitigation for AI-based systems in certain potential use cases.

< <https://www.etsi.org/newsroom/press-releases/1927-etsi-releases-mitigation-strategy-report-on-securing-artificial-intelligence> https://www.etsi.org/newsroom/press-releases/1927-etsi-releases-mitigation-strategy-report-on-securing-artificial-intelligence>

 

Is cybersecurity in rail more important now than ever?

Railway systems and operators are increasingly coming under attack from cyberthreats. Even European railways were not spared from data breaches and ransom threats. To counter cyberattacks, projects such as the 4SECURail – which allow to identify and share threats along the whole network – are being developed at the EU level. We find out if with these projects, cybersecurity is becoming more important now than ever before. 

< <https://www.railway-technology.com/features/is-cybersecurity-rail-important-now-ever/> https://www.railway-technology.com/features/is-cybersecurity-rail-important-now-ever/>

 

Improved BGP Routing Security Adds Another Important Layer of Protection to Online Networks

As part of our ongoing efforts to improve the robust security of our network and protection of our customers, we recently improved our Border Gateway Protocol (BGP) security by deploying Resource Public Key Infrastructure (RPKI) validation and signing across our network. These are important steps to ensure the security and reliability of the routing infrastructure of our network and other networks around the world that exchange packets with the Comcast network.

< <https://corporate.comcast.com/stories/improved-bgp-routing-security-adds-another-layer-of-protection-to-network> https://corporate.comcast.com/stories/improved-bgp-routing-security-adds-another-layer-of-protection-to-network>

 

Comcast now blocks BGP hijacking attacks and route leaks with RPKI

Comcast, one of America's largest broadband providers, has now deployed RPKI on its network to defend against BGP route hijacks and leaks.Comcast, one of America's largest broadband providers, has now deployed RPKI on its network to defend against BGP route hijacks and leaks.

< <https://www.bleepingcomputer.com/news/security/comcast-now-blocks-bgp-hijacking-attacks-and-route-leaks-with-rpki/> https://www.bleepingcomputer.com/news/security/comcast-now-blocks-bgp-hijacking-attacks-and-route-leaks-with-rpki/>

 

Zero-trust security: Assume that everyone and everything on the internet is out to get you – and maybe already has

President Joe Biden’s cybersecurity executive order, signed May 12, 2021, calls for the federal government to adopt a “zero-trust architecture.” This raises a couple of questions. What is zero-trust security? And, if trust is bad for cybersecurity, why do most organizations in government and the private sector do it?

< <https://theconversation.com/zero-trust-security-assume-that-everyone-and-everything-on-the-internet-is-out-to-get-you-and-maybe-already-has-160969> https://theconversation.com/zero-trust-security-assume-that-everyone-and-everything-on-the-internet-is-out-to-get-you-and-maybe-already-has-160969>

 

us: CISA and Local Partners Conduct Tabletop Exercise in Preparation for the U.S. Olympic Team Track and Field Trials

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), private sector partners, local first responders, and state and federal partners held a tabletop exercise today to test emergency response and recovery operations in preparation for the U.S. Olympic Team Trials – Track & Field, which will be held June 18-27 at Hayward Field on the University of Oregon campus.

< <https://www.cisa.gov/news/2021/05/19/cisa-and-local-partners-conduct-tabletop-exercise-preparation-us-olympic-team-track> https://www.cisa.gov/news/2021/05/19/cisa-and-local-partners-conduct-tabletop-exercise-preparation-us-olympic-team-track>

 

us: CIS 2020 Year in Review

The Center for Internet Security's 2020 Year in Review highlights all the efforts the cybersecurity nonprofit accomplished in its 20th year in business.

< <https://www.cisecurity.org/white-papers/cis-2020-year-in-review/> https://www.cisecurity.org/white-papers/cis-2020-year-in-review/>

 

**********************

INTERNET OF THINGS

**********************

European Initiative for the Internet of Things

A consortium is preparing to ramp up production of Geonav IoT, a seamless indoor/outdoor positioning solution for sports applications, asset tracking and aiding drone traffic management. The GNSS module is a high- accuracy, dual-frequency system- on-chip with an integrated, low- power application processor.

< <https://insidegnss.com/european-initiative-for-the-internet-of-things/> https://insidegnss.com/european-initiative-for-the-internet-of-things/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

China Standards 2035: How China plans to win the future with its own international tech standards

For two and a half centuries, international technology standards have been an engine for wealth creation and dominance largely belonging to the West. However, this is now changing. China is quickly stepping up, creating a new kind of competition – no longer about technological superiority – but about rule making and system design.

< <https://www.scmp.com/comment/opinion/article/3134216/china-standards-2035-how-china-plans-win-future-its-own> https://www.scmp.com/comment/opinion/article/3134216/china-standards-2035-how-china-plans-win-future-its-own>

 

First Public Working Drafts: WebGPU and WebGPU Shading Language

The GPU for the Web Working Group has published the following two First Public Working Drafts: WebGPU: WebGPU exposes an API for performing operations, such as rendering and computation, on a Graphics Processing Unit; WebGPU Shading Language: WebGPU Shader Language (WGSL) is the shader language for WebGPU. That is, an application using the WebGPU API uses WGSL to express the programs, known as shaders, that run on the GPU.

< <https://www.w3.org/blog/news/archives/9059> https://www.w3.org/blog/news/archives/9059>

 

WebGPU soll zum offiziellen Standard werden [WebGPU to become the official standard]

Das W3C hat die ersten Entwürfe für WebGPU und eine Shadersprache veröffentlicht. Browser bekommen damit eine neue Grafikschnittstelle.

< <https://www.golem.de/news/w3c-webgpu-soll-zum-offiziellen-standard-werden-2105-156605.html> https://www.golem.de/news/w3c-webgpu-soll-zum-offiziellen-standard-werden-2105-156605.html>

 

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home