[Newsclips] IETF SYN-ACK Newspack 2023-06-19

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

It’s time to team up and develop Open Standards and Open Education for the emergent InterNetworked Mobility Ecosystem by Vint Cerf, Max Senges & Marc-Oliver Pahl

Imagine a post-automotive-centered mobility where connected smart mobility devices coordinate our safety, security and comfort. We would have benefits such as close to zero accidents or traffic jams. While this is viable with today’s technology, missing interoperability between vendors inhibits this. As a major reason for the missing of this utopian scenario, we see the missing of open standards for information exchange. ... Instead of a multitude of walled gardens and disconnected islands we must learn from the origins of the Internet to create the next generation of mobility ecosystems. In order to develop open standards for interoperability, we should follow best practices, e.g. of the IETF . More concretely we should focus our joint efforts on the practices that would allow the digital mobility infrastructure to be developed according to the principles of open standards.

< <https://www.linkedin.com/pulse/its-time-team-up-develop-open-standards-education-emergent-max-senges/> https://www.linkedin.com/pulse/its-time-team-up-develop-open-standards-education-emergent-max-senges/>

 

Tool Helps you Focus on key RFCs

Resource Public Key Infrastructure (RPKI) continues to be a subject of active discussion within the IETF. Several proposed drafts are currently under discussion, and some have successfully transitioned into Request for Comments (RFCs), highlighting the growing importance of RPKI in bolstering the Internet’s security infrastructure over the past few years.

< <https://www.manrs.org/2023/06/tool-helps-you-to-focus-on-the-key-rfcs/> https://www.manrs.org/2023/06/tool-helps-you-to-focus-on-the-key-rfcs/>

 

Network-Security Testing Standard Nears Prime Time

Despite slow progress, NetSecOpen — a group of network-security companies and hardware testing organizations — aims to have its testing and benchmark standards in place by later this year. ... While the latest standards document is published as part of the IETF process, the eventual guidelines will not be an Internet standard to which equipment makers must adhere, but a common approach to testing methodology and configurations that improve the reproducibility and transparency of resulting tests.

< <https://www.darkreading.com/dr-tech/network-security-testing-standard-nears-prime-time> https://www.darkreading.com/dr-tech/network-security-testing-standard-nears-prime-time>

 

Comcast sparks field trials of low-latency DOCSIS

... "App developers mark traffic as latency sensitive, so that LLD can then manage the low latency flows to optimize application performance and quality for customers who use those applications," he explained. "Application marking is entirely voluntary and available for use with no special cost, agreement, or proprietary APIs. Comcast's use of LLD respects those markings in accordance with relevant IETF standards."

< <https://www.lightreading.com/cable-tech/comcast-sparks-field-trials-of-low-latency-docsis/d/d-id/785336> https://www.lightreading.com/cable-tech/comcast-sparks-field-trials-of-low-latency-docsis/d/d-id/785336>

 

90-Day SSL/TLS Validity Is Coming

... Fortunately, automation solutions have improved by leaps and bounds over the past several years. The Internet Security Research Group (ISRG) originated the Automated Certificate Management Environment (ACME) protocol for use with its free 90-day CA. The IETF has since standardized the ACME protocol; the protocol is now in version 2 and is supported by most CAs (both commercial and non-commercial). ACME uses cross-platform agents installed on web servers to pass domain-validation checks, then issues and installs certificates for those domains.

< <https://techbeacon.com/security/90-day-ssltls-validity-coming> https://techbeacon.com/security/90-day-ssltls-validity-coming>

 

Huawei reaffirms commitment to safe cyberspace at Cybersecurity Innovation Series and Awards 2023 [news release]

Huawei participated in the 6th edition of the Cybersecurity Innovation Series and Awards 2023, held in partnership with the UAE Cybersecurity Council and with the support of Dubai Electronic Security Center in Dubai. This event brought together cybersecurity experts, industry leaders, academics, and policymakers to share knowledge and experiences, network, and learn from each other. ... The company has proactively participated in the telecom cybersecurity standardization activities led by GSMA, ITU-T, 3GPP, and IETF. In 2022, Huawei submitted nearly 300 cybersecurity standards proposals to 3GPP and GSMA and partnered with mainstream security companies to ensure the cybersecurity of its customers and promote the healthy development of industries.

< <https://www.zawya.com/en/press-release/companies-news/huawei-reaffirms-commitment-to-safe-cyberspace-at-cybersecurity-innovation-series-and-awards-2023-dbv50toz> https://www.zawya.com/en/press-release/companies-news/huawei-reaffirms-commitment-to-safe-cyberspace-at-cybersecurity-innovation-series-and-awards-2023-dbv50toz>

< <https://www.itp.net/security/huawei-reaffirms-commitment-to-safe-cyberspace> https://www.itp.net/security/huawei-reaffirms-commitment-to-safe-cyberspace>

 

90-Day SSL/TLS Validity Is Coming

... Fortunately, automation solutions have improved by leaps and bounds over the past several years. The Internet Security Research Group (ISRG) originated the Automated Certificate Management Environment (ACME) protocol for use with its free 90-day CA. The IETF has since standardized the ACME protocol; the protocol is now in version 2 and is supported by most CAs (both commercial and non-commercial). ACME uses cross-platform agents installed on web servers to pass domain-validation checks, then issues and installs certificates for those domains.

< <https://techbeacon.com/security/90-day-ssltls-validity-coming> https://techbeacon.com/security/90-day-ssltls-validity-coming>

 

These devices can be a lifesaver for finding your keys. Victims say they also enabled their stalkers

... The plan has been submitted via the IETF, a leading standards development organisation in America, with a three month grace period for comments and reviews.

< <https://www.abc.net.au/news/2023-06-17/why-apple-is-being-sued-by-women-over-airtag-stalking/102421614> https://www.abc.net.au/news/2023-06-17/why-apple-is-being-sued-by-women-over-airtag-stalking/102421614>

< <https://www.msn.com/en-au/news/australia/these-devices-can-be-a-lifesaver-for-finding-your-keys-victims-say-they-also-enabled-their-stalkers/ar-AA1cEFq6> https://www.msn.com/en-au/news/australia/these-devices-can-be-a-lifesaver-for-finding-your-keys-victims-say-they-also-enabled-their-stalkers/ar-AA1cEFq6>

 

TLS-Zertifikate: So erkennen Sie eine gesicherte Verbindung [TLS certificates: How to recognise a secure connection]

... Das Verschlüsselungsprotokoll TLS wurde als Nachfolger des SSL, welches Anfang der 90er entwickelt wurde und inzwischen als unsicher gilt, von der IETF eingeführt. TLS hat selbst im Laufe der Zeit einige Neuerungen durchlaufen. Aktuell werden die Versionen TLS 1.2 und TLS 1.3 (veröffentlicht im August 2018) vom Bundesamt für Sicherheit in der Informationstechnik (BSI) empfohlen.

< <https://www.datenschutz-notizen.de/tls-zertifikate-so-erkennen-sie-eine-gesicherte-verbindung-1443249/> https://www.datenschutz-notizen.de/tls-zertifikate-so-erkennen-sie-eine-gesicherte-verbindung-1443249/>

 

« Là, je panique totalement » : quand les AirTag d’Apple sont utilisés pour espionner des femmes ["There I totally panic": when Apple's AirTags are used to spy on women]

... Les deux géants du numérique ont assuré avoir « le soutien » d’autres fabricants d’accessoires similaires, tels que Samsung, Tile, Pebblebee ou encore Chipolo. Ce cahier des charges, s’il est validé par l’IETF, devrait entrer en vigueur d’ici fin 2023.

< <https://www.leparisien.fr/high-tech/la-je-panique-totalement-quand-les-airtag-dapple-sont-utilises-pour-espionner-des-femmes-16-06-2023-MQDP2D2X3JH6NJCRFFIGRNSXDI.php> https://www.leparisien.fr/high-tech/la-je-panique-totalement-quand-les-airtag-dapple-sont-utilises-pour-espionner-des-femmes-16-06-2023-MQDP2D2X3JH6NJCRFFIGRNSXDI.php>

 

**********************

SECURITY & PRIVACY

**********************

Policy, Guns and Money: Cybersecurity and critical infrastructure

In this episode, ASPI’s Alex Caples speaks with Hamish Hansford, who was recently appointed deputy secretary of cyber and infrastructure security at the Department of Home Affairs. They discuss the links between cybersecurity, supply-chain security and critical infrastructure, as well as the rise in ransomware attacks, including on hospitals, and lessons learned from the Colonial Pipeline attack. They also talk about the amendments to the Security of Critical Infrastructure Act and what they mean for industry, and the role that government and industry need to play in securing Australia’s critical infrastructure.

< <https://www.aspistrategist.org.au/policy-guns-and-money-cybersecurity-and-critical-infrastructure/> https://www.aspistrategist.org.au/policy-guns-and-money-cybersecurity-and-critical-infrastructure/>

 

Disable internet-facing network management: US CISA

The US Cyber and Infrastructure Security Agency (CISA) has decided that internet-facing management interfaces can’t be secured properly, and has told government agencies in the country to disable them. In a newly-published binding operational directive, CISA is effectively banning remote management of any network-accessible device using any protocol.

< <https://www.crn.com.au/news/disable-internet-facing-network-management-us-cisa-596914> https://www.crn.com.au/news/disable-internet-facing-network-management-us-cisa-596914>

 

us: CISA Directs Federal Agencies to Secure Internet-Exposed Management Interfaces

The Cybersecurity and Infrastructure Security Agency (CISA) today issued Binding Operational Directive (BOD) 23-02, Mitigating the Risk from Internet-Exposed Management Interfaces, which requires federal civilian agencies to remove specific networked management interfaces from the public-facing internet or implement Zero Trust Architecture capabilities that enforce access control to the interface within 14 days of discovery.

< <https://www.cisa.gov/news-events/news/cisa-directs-federal-agencies-secure-internet-exposed-management-interfaces> https://www.cisa.gov/news-events/news/cisa-directs-federal-agencies-secure-internet-exposed-management-interfaces>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Huawei, 3GPP, and international partners launch a 5G-Advanced Core promotion initiative [news release]

The 5G-Advanced Core Industry Forum — hosted by China Academy of Information and Communications Technology (CAICT) and co-hosted by Huawei — was held at the China National Convention Center during the 31st PT Expo China. One of the most influential ICT industry events in Asia, PT Expo China gathers thought leaders and specialists from all walks of the telecom industry.

< <https://www.huawei.com/en/news/2023/6/5g-advanced-core-initiative> https://www.huawei.com/en/news/2023/6/5g-advanced-core-initiative>

 

Mobile phone makers to compulsorily disclose internet data capacity? Here's what Indian govt plans

... “There are phones ranging between '6,000-200,000' in the country. While mostly people buy phones looking at the camera, battery, built etc, we also want the companies to give an idea about the maximum data speeds that the devices would support. The plan is to make handset data speeds as one of the performance indicators,” stated a government official, adding that they are considering the rules as per international standards like 3GPP.

< <https://www.wionews.com/technology/mobile-phone-makers-to-compulsorily-disclose-internet-data-capacity-heres-what-indian-government-plans-605469> https://www.wionews.com/technology/mobile-phone-makers-to-compulsorily-disclose-internet-data-capacity-heres-what-indian-government-plans-605469>

< <https://www.msn.com/en-in/news/other/mobile-phone-makers-to-compulsorily-disclose-internet-data-capacity-here-s-what-indian-government-plans/ar-AA1cFG0V> https://www.msn.com/en-in/news/other/mobile-phone-makers-to-compulsorily-disclose-internet-data-capacity-here-s-what-indian-government-plans/ar-AA1cFG0V>

 

**********************

OTHERWISE NOTEWORTHY

**********************

With two patents and an IEEE publication, Meta’s Isha Oke is on a mission to democratise data science

Our Women in Tech series features Isha Oke, Data Science Lead at Meta. During her stint in Microsoft, she received two patents for inventing new ways of targeting devices and transforming data into features for ML.

< <https://yourstory.com/herstory/2023/06/woman-technology-patents-microsoft-meta> https://yourstory.com/herstory/2023/06/woman-technology-patents-microsoft-meta>

 

Celebrating the release of IEEE 802.3cz-2023 standard

KDPOF has welcomed the publication of the IEEE 802.3cz-2023 standard 'IEEE Standard for Ethernet Amendment 7: Physical Layer Specifications and Management Parameters for multi-gigabit glass optical fibre automotive Ethernet' with the final release by the IEEE Standards Association (IEEE SA).

< <https://www.electropages.com/2023/06/celebrating-release-ieee-8023cz-2023-standard> https://www.electropages.com/2023/06/celebrating-release-ieee-8023cz-2023-standard>

 

Updated FIDO Alliance Specifications Adopted as ITU International Standards [news release]

The FIDO Alliance announced today that two of its specifications, FIDO UAF 1.2 and CTAP 2.1, are recognized as international standards by the International Telecommunication Union’s Telecommunication Standardization Sector (ITU-T). This milestone establishes these standards as official ITU standards (ITU-T Recommendations) for the global infrastructure of information and communication technologies (ICT).

< <https://fidoalliance.org/updated-fido-alliance-specifications-adopted-as-itu-international-standards/> https://fidoalliance.org/updated-fido-alliance-specifications-adopted-as-itu-international-standards/>

 

Quantum Computing Advance Begins New Era, IBM Says

Quantum computers today are small in computational scope — the chip inside your smartphone contains billions of transistors while the most powerful quantum computer contains a few hundred of the quantum equivalent of a transistor. They are also unreliable. If you run the same calculation over and over, they will most likely churn out different answers each time.

< <https://www.nytimes.com/2023/06/14/science/ibm-quantum-computing.html> https://www.nytimes.com/2023/06/14/science/ibm-quantum-computing.html>

 

A new web standard will add another layer of security to online payment services like Apple Pay [registration]

The World Wide Web Consortium is working to further secure online payments in browsers with a new technology that works alongside other payment services like Apple Pay, Google Pay, and more. Known as Secure Payment Confirmation (SPC), it allows various entities like merchants, banks, payment service providers, and card networks to reduce the obstacles associated with strong customer authentication (SCA) and generate cryptographic proof of user consent. These factors are crucial in meeting regulatory obligations such as Europe's Payment Services Directive (PSD2).

< <https://appleinsider.com/articles/23/06/15/a-new-web-standard-will-add-another-layer-of-security-to-online-payment-services-like-apple-pay> https://appleinsider.com/articles/23/06/15/a-new-web-standard-will-add-another-layer-of-security-to-online-payment-services-like-apple-pay>

 

W3C advances technology to streamline payment authentication: Secure Payment Confirmation (SPC) published as a Candidate Recommendation

The World Wide Web Consortium today announced a standardization milestone for a new browser capability that helps to streamline user authentication and enhance payment security during Web checkout. Secure Payment Confirmation (SPC) enables merchants, banks, payment service providers, card networks, and others to lower the friction of strong customer authentication (SCA), and produce cryptographic evidence of user consent, both important aspects of regulatory requirements such as the Payment Services Directive (PSD2) in Europe.

< <https://sdtimes.com/w3c-advances-technology-to-streamline-payment-authentication-secure-payment-confirmation-spc-published-as-a-candidate-recommendation/> https://sdtimes.com/w3c-advances-technology-to-streamline-payment-authentication-secure-payment-confirmation-spc-published-as-a-candidate-recommendation/>

 

Call for Implementations: Secure Payment Confirmation published as a W3C Candidate Recommendation

The Web Payments Working Group today published a Candidate Recommendation for Secure Payment Confirmation (SPC), a standardization milestone for a new browser capability that helps to streamline user authentication and enhance payment security during Web checkout.

< <https://www.w3.org/blog/news/archives/9948> https://www.w3.org/blog/news/archives/9948>

 

CollapseW3C updates its Process Document

The W3C Membership approved the 2023 W3C Process Document, which takes effect today.

< <https://www.w3.org/blog/news/archives/9959> https://www.w3.org/blog/news/archives/9959>

 

Congratulations to WBA on 20 Years of Wi-Fi Innovation

Since 2003, the Wireless Broadband Alliance (WBA) has worked tirelessly to advance seamless, interoperable Wi-Fi experiences throughout the global Wi-Fi ecosystem. CableLabs recognizes the importance of WBA’s contributions to the wireless community as it promotes collaboration among its members in areas such as NextGen Wi-Fi, OpenRoaming, 5G, IoT, Testing & Interoperability and Policy & Regulatory Affairs.

< <https://www.cablelabs.com/blog/how-nerf-technology-is-creating-the-next-generation-of-media> https://www.cablelabs.com/blog/how-nerf-technology-is-creating-the-next-generation-of-media>

 

The multiple roles IPv6 can play in today’s Internet

While IPv6 was standardized in 1998 and its deployment is progressing to overcome the depletion of the pool of IPv4 addresses, the way IP addresses are used today remains identical to the early days of the Internet.

< <https://blog.apnic.net/2023/06/12/the-multiple-roles-ipv6-can-play-in-todays-internet/> https://blog.apnic.net/2023/06/12/the-multiple-roles-ipv6-can-play-in-todays-internet/>

 

The Big Question Facing ICANN’s Contractual Governance Regime

ICANN never ceases to pose fascinating issues in global governance. At ICANN 77, held in Washington DC June 12 – 16, a dramatic debate took place about ICANN’s proper scope of authority. Some interest groups (mainly Registries and GAC) want ICANN to be empowered to enforce compliance with Registry Voluntary Commitments (RVCs), formerly known as Public Interest Commitments (PICs). Civil society groups and some Internet businesses see in the proposed change a threat to freedom of expression on the internet and an attempt to undermine ICANN’s multistakeholder policy development process.

< <https://www.internetgovernance.org/2023/06/15/the-big-question-facing-icanns-contractual-governance-regime/> https://www.internetgovernance.org/2023/06/15/the-big-question-facing-icanns-contractual-governance-regime/>

 

Digital Assembly 2023: A Digital, Open, and Secure Europe

Digital Assembly 2023 to announce the first submission and comprehensive expressions of interest for European Digital Infrastructure Consortia, gathering policy makers and businesses to debate ideas and actions for a digital, open, and secure Europe.

< <https://digital-strategy.ec.europa.eu/en/news/digital-assembly-2023-digital-open-and-secure-europe> https://digital-strategy.ec.europa.eu/en/news/digital-assembly-2023-digital-open-and-secure-europe>

 

Digital Assembly 2023 kicks off focusing on a digital, open and secure Europe

Today and tomorrow, the Commission together with the Swedish Presidency of the Council of the EU, is hosting the Digital Assembly 2023 in Stockholm.

< <https://digital-strategy.ec.europa.eu/en/news/digital-assembly-2023-kicks-focusing-digital-open-and-secure-europe> https://digital-strategy.ec.europa.eu/en/news/digital-assembly-2023-kicks-focusing-digital-open-and-secure-europe>

 

Cutting edge European quantum technologies on show at Digital Assembly

The Digital Assembly offered a chance to discuss Europe’s strengths in quantum research and innovation, and to watch demonstrations of quantum technology.

< <https://digital-strategy.ec.europa.eu/en/news/cutting-edge-european-quantum-technologies-show-digital-assembly> https://digital-strategy.ec.europa.eu/en/news/cutting-edge-european-quantum-technologies-show-digital-assembly>

 

The UK’s National Timing Centre programme

Time is sometimes called the invisible utility. We rely on increasingly accurate timing signals to sustain critical services such as telecommunications, power grids, banking and transportation. However, many organizations are unaware of their dependence on time or lack an understanding of where that time comes from.

< <https://www.itu.int/hub/2023/06/the-uks-national-timing-centre-programme/> https://www.itu.int/hub/2023/06/the-uks-national-timing-centre-programme/>

 

Time synchronization in data centres

Time synchronization is extremely important for almost every software application within a data centre.

< <https://www.itu.int/hub/2023/06/time-synchronization-in-data-centres/> https://www.itu.int/hub/2023/06/time-synchronization-in-data-centres/>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home