[Newsclips] IETF SYN-ACK Newspack 2023-08-21

David Goldstein <david@goldsteinreport.com> Mon, 21 August 2023 04:13 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/newsclips/gHc9sRA47ewbQjqsZWNtpDHA580>

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

**********************

IETF IN THE NEWS

**********************

The Industry Discussion About Standards For Bluetooth-Enabled Physical Trackers is Finally Getting Started

... Detecting AirTags is just the beginning. What about every other Bluetooth-enabled physical tracker on the market? Google and Apple have proposed a solution: a standard for all physical tracker manufacturers to agree on which would make them detectable by default on iOS and Android phones. This standard could be great news, resulting in increased safety for an untold number of vulnerable people. But the details matter. There are some hard questions and a need to refine the companies’ new joint industry specification that dictates how a Bluetooth tracker detection can remain consistent. That is the purpose of the IETF Draft on Detection of Unwanted Location Trackers (DULT).

<https://www.eff.org/deeplinks/2023/08/industry-discussion-about-standards-bluetooth-enabled-physical-trackers-finally>

The Standards Myth That Does Not Stop

The latest iteration of the most expansive, omnipotential cybersecurity legal regime ever drafted appeared a few days ago. (See: REPORT on the proposal for a regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020) The European Union (EU) Cyber Resilience Act (CRA) is attempting to assert jurisdiction and control over all “products with digital elements” defined as “any software or hardware product and its remote data processing solutions, including software or hardware components to be placed on the market.” ... Why is this important? Because almost every standard related to cybersecurity was developed after those agreements by international standards organisations other than ISO, IEC, and ITU, and it is those standards which are used globally by both private and public sectors. Organisations like 3GPP, IETF, and IEEE, among scores of others, are what matter today.

<https://circleid.com/posts/20230820-the-standards-myth-that-does-not-stop>

Corporate report: National Cyber Strategy 2022 Annual Progress Report 2022-2023

Ministerial foreword: It has been just 18 months since we published the National Cyber Strategy 2022 – and already, the pace of geopolitical and technological change has surpassed our already-high expectations. Russia’s illegal invasion of Ukraine and rapid advancements in artificial intelligence have altered our world, with significant implications for our national security, our prosperity and our cyber power. Vital as it was in 2022, our cyber strategy is now more important than ever. ... We have also made significant progress in making the IETF more accessible to policymakers. In June 2023, we will publish the first public UK Digital Standards Strategy.

<https://www.gov.uk/government/publications/national-cyber-strategy-2022-annual-progress-report-2022-2023/national-cyber-strategy-2022-annual-progress-report-2022-2023-html>

Can we mitigate the impacts of the quantum threat?

... Other organisations have also played a vital role in laying the groundwork for post-quantum migration efforts. The IETF, which is responsible for setting security standards across the Internet, is another good example.

<https://www.innovationnewsnetwork.com/can-we-mitigate-the-impacts-of-the-quantum-threat/36333/>

EFF: Bluetooth tracker manufacturers must store information about users

... Bluetooth trackers are small devices that make it possible to locate belongings. However, they can also be used for unwanted tracking and stalking of people. This past May, Apple and Google presented a specification intended to protect people against unwanted Bluetooth trackers. Last month the IETF met to discuss a proposal for the Detection of Unwanted Location Trackers (DULT). This could then become a standard that manufacturers can apply to make their trackers detectable or traceable via a smartphone.

<https://www.security.nl/posting/806987/EFF%3A+fabrikanten+bluetooth-trackers+moeten+informatie+over+gebruikers+opslaan>

3rd SW CANOAS MEETUP: Online event addresses the internet's growing presence in everyday life

... Currently, Jéferson is co-coordinator of the IETF Latin America (IETF-LAC) Task Force and co-secretary of the Network Management Research Group (NMRG) of the Internet Research Task Force (IRTF).

<https://jornaltimoneiro.com.br/index.php/2023/08/19/3o-meetup-do-sw-canoas-evento-online-aborda-crescente-proximidade-da-internet-no-cotidiano/>

Technology Sharing | WebRTC's SDP Explained in Detail

WebRTC stands for Web Real-Time Communication; it is a web implementation of the RTC protocol. The project was open-sourced by Google, which established industry standards together with the IETF and W3C.

<https://blog.csdn.net/anyRTC/article/details/132364882>

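Sci-Tech Innovation Mobile | Making computing power as convenient as water and electricity: China Mobile leads innovation in computing-network convergence

... The development of computing power networks faces many scientific and engineering challenges. As a pioneer of frontier technologies, China Mobile has persisted in scientific and technological innovation, combined it with engineering creation, and overcome one hurdle after another. China Mobile has built the technology system and standards system for computing power networks, led 97 approved projects in domestic and international standards organizations, led the completion of the industry's first overall technical requirements for computing power networks, and led the original landmark technology "computing power routing" to breakthrough progress in the international standards organization IETF. Looking to the future, China Mobile continues to explore advanced computing power technologies, lay out next-generation optical networks, and tackle a new architecture that integrates computing and network.

<http://www.news.cn/info/20230815/50ee1ca22cbd4d05a805915dd2bf2352/c.html>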

Chrome 116 adds a key encapsulation mechanism resistant to brute-forcing on quantum computers

Google announced that the code base on which the Chrome 116 release is built includes a new implementation of a key encapsulation mechanism (KEM) that uses the hybrid algorithm X25519Kyber768, which is resistant to brute-forcing on quantum computers. To create the session keys used to encrypt data within TLS connections, it is now possible to use a combination of the X25519 key exchange mechanism, which is based on elliptic curves and currently used in TLS, with the Kyber-768 algorithm, which uses cryptographic methods based on solving lattice-theory problems whose solution time does not differ between classical and quantum computers. The specification of the TLS 1.3 extension that uses X25519Kyber768 for key exchange has been submitted to the IETF committee for further approval as an Internet standard.

<https://www.opennet.ru/opennews/art.shtml?num=59596>

**********************

SECURITY & PRIVACY

**********************

3 Major Email Security Standards Prove Too Porous for the Task

Email security standards are proving porous where malicious email attacks are concerned, since attackers use a deceptive link or new domains that comply with the same email security standards regular users employ to blunt threats like phishing, according to a vendor report released this week.

<https://www.darkreading.com/vulnerabilities-threats/3-major-email-security-standards-falling-down-on-the-job>

Email phishing still the main way in for hackers: report

Email phishing remains one of the most dangerous vectors for organizational cyberattacks, as well as one of the most difficult to defend against, with deceptive links, brand impersonation and other phishing threats sharply on the rise.

<https://www.csoonline.com/article/649551/email-phishing-still-the-main-way-in-for-hackers-report.html>

Cloudflare 2023 Phishing Threats Report: Attack trends in multi-channel phishing, identity deception, malicious new domains, and more

This inaugural Phishing Threats Report explores key attack trends based on approximately 13 billion emails processed by Cloudflare over a one-year period. For example:

<https://www.cloudflare.com/en-gb/lp/2023-phishing-report/>

Routing Security is a Top Priority for LAC IXPs

Earlier this year, my colleague, Olaf Kolkman, summarized an Internet Society project that sought to understand whether the “classic” Internet is still relevant. The premise of the research was that the evolution of edge services has reshaped the way data flows through the Internet.

<https://www.manrs.org/2023/08/routing-security-is-a-top-priority-for-lac-ixps/>

Unveiling the Hidden Risks of Routing Protocols

Routing protocols play a critical role in the functioning of the Internet and the services built upon them. However, many of these protocols were developed without security concerns in mind.

<https://www.darkreading.com/vulnerabilities-threats/unveiling-the-hidden-risks-of-routing-protocols>

ICANN Promotes the First DNSSEC Day in Paraguay

ICANN is excited to announce its participation in the first DNSSEC Day in Paraguay. This national-level event is intended to promote the deployment of DNSSEC in the Latin American and Caribbean region (LAC). It will be held on 21 September 2023 during the yearly meeting of the Association of Internet Service Providers of Paraguay (ASISPY) in Asunción, Paraguay.

<https://www.icann.org/en/announcements/details/icann-promotes-the-first-dnssec-day-in-paraguay-15-08-2023-en>

A New Data Protection Mechanism for the Root Zone by Kim Davies

By the end of this year, the DNS root zone will carry with it additional data that will provide a new mechanism for network operators to validate its contents. The new mechanism relies on a standardized "message digest," a mathematical method for software to validate that it has a complete copy of the data without corruption. The representation of this message digest data in the root zone — known as a "ZONEMD" record — will look indecipherable, but provides the information that the software needs to validate the root zone's contents:

<https://www.icann.org/en/blogs/details/a-new-data-protection-mechanism-for-the-root-zone-15-08-2023-en>

**********************

INTERNET OF THINGS

**********************

EU: Cyber Resilience Act: MEPs back plan to boost digital products security

The draft cyber resilience act approved by the Industry, Research and Energy Committee aims to ensure that products with digital features, e.g. phones or toys, are secure to use, resilient against cyber threats and provide enough information about their security properties.

<https://www.europarl.europa.eu/news/en/press-room/20230717IPR03029/cyber-resilience-act-meps-back-plan-to-boost-digital-products-security>

Progressing beyond transport layer security for the IoT

Playing devil’s advocate, let’s pose the following question: Why do people use the Pretty Good Privacy (PGP) encryption system used for sending encrypted emails and encrypting sensitive files, or secure messaging applications like WhatsApp or Signal?

<https://www.embedded.com/progressing-beyond-transport-layer-security-for-the-iot/>

**********************

QUANTUM NETWORKING

**********************

Quantum Networks Need Quantum Computing: Here’s a Forecast for That

Worldwide spending on quantum computing will grow significantly over the next few years, but not as much as previously forecast, according to International Data Corp. (IDC). Quantum computing is a critical enabler of quantum networks. Both are based on quantum physics, enabling a potentially disruptive approach to communications. While some people see quantum networking eventually replacing today’s technology, others see it as a niche market for organizations that need a higher level of security.

<https://www.telecompetitor.com/quantum-networks-need-quantum-computing-heres-a-forecast-for-that/>

AFRL opens state-of-the-art Extreme Computing facility, announces $44 million in additional funding [news release]

The Air Force Research Laboratory’s, or AFRL, new Extreme Computing Facility at the Information Directorate in Rome, New York, is a vital component to national defense research, and AFRL is using the most cutting-edge Quantum Computing technology available to protect the nation and deliver game-changing technologies to the warfighter. ... “This Extreme Computing Facility marks a new era in the accelerated development, integration and deployment of advanced computing technologies for the Department of the Air Force,” said Michael Hayduk, deputy director, Information Directorate. “The state-of-the-art laboratories for trusted computing, machine learning, neuromorphic and nanocomputing and quantum networking will advance our competitive edge in extreme computing. We thank the Air Force Research Laboratory, or AFRL, leadership, and our federal partners for championing the revolutionary technologies in development at the AFRL Information Directorate in direct support of our warfighters.”

<https://www.afrl.af.mil/News/Article-Display/Article/3491698/afrl-opens-state-of-the-art-extreme-computing-facility-announces-44-million-in/>

**********************

NEW TRANSPORT PROTOCOLS

**********************

A software solution for preventing attacks on 5G networks

A new indigenous software technology solution can now proactively detect and prevent zero-day vulnerability attacks in the 5G networks thereby reducing the network downtime. This can help smoothen countrywide communication as 5G networks become its lifeline in the near future. ... The team used ethical hacking for finding vulnerabilities in the system. They tested the functionality issue in the network, created various attack scenarios based on topology, feature interaction, and the number of nodes involved by following the defined 5G standards of 3GPP.

<https://pib.gov.in/PressReleasePage.aspx?PRID=1949829>

**********************

OTHERWISE NOTEWORTHY

**********************

Q&A with Internet founders Vint Cerf and Robert Kahn ahead of upcoming Presidential Lecture Series

Vint Cerf and Robert Kahn, the researchers credited with the seminal work during the 1970s that led to the creation of the Internet a half-century ago, will join Purdue University President Mung Chiang for a Presidential Lecture Series event at 6 p.m. Sept. 7 in Stewart Center’s Fowler Hall.

<https://www.purdue.edu/newsroom/purduetoday/releases/2023/Q3/q38a-with-internet-founders-vint-cerf-and-robert-kahn-ahead-of-upcoming-presidential-lecture-series.html>

Draft Note: Guidance on Applying WCAG 2.2 to Non-Web Information and Communications Technologies (WCAG2ICT)

The Accessibility Guidelines Working Group (AG WG) and the WCAG2ICT Task Force has published Guidance on Applying WCAG 2.2 to Non-Web Information and Communications Technologies (WCAG2ICT) as a Group Draft Note.

<https://www.w3.org/news/2023/draft-note-guidance-on-applying-wcag-2-2-to-non-web-information-and-communications-technologies-wcag2ict/>

Open standards powering the future of embedded vision

Open standards streamline interoperability between critical technologies, reducing product development costs and time to market while speeding industry innovation.

<https://www.imveurope.com/article/open-standards-powering-future-embedded-vision>

L4S Technology: A New Congestion-Control Solution for Latency 

In a digital world where every second counts, technologies that enable smooth, efficient transmission of data are paramount to ensuring the quality of our online experiences. Reliable connectivity is a must, and the need for it grows exponentially more essential every day, particularly as more applications harness the power of 10G. The 10G platform is a game-changing, multigigabit network made possible by DOCSIS technologies. It will deliver faster speeds, enhanced reliability, better security and lower latency. Low latency is especially critical for real-time communication applications because it helps create user experiences that are free of delay and disruption.

<https://www.cablelabs.com/blog/docsis-4-0-interop-draws-excellent-participation>

Fastly acquires Domainr and launches new TLS Certification Authority

Edge cloud platform provider Fastly Inc. today announced that it has acquired domain status application programming interface provider Domainr.

<https://siliconangle.com/2023/08/17/fastly-acquires-domainr-launches-new-tls-certification-authority/>

Fastly Expands Domains API and TLS Capabilities with Domainr Acquisition and General Availability of Certainly Certification Authority [news release]

Fastly, Inc., a leader in global edge cloud platforms, today announced two major developments in its domain name API and Transport Layer Security (TLS) capabilities: the acquisition of Domainr, an ICANN-accredited real-time domain availability API provider, as well as general availability of Certainly, Fastly’s publicly-trusted TLS Certification Authority (CA). These developments significantly advance Fastly’s edge cloud platform as well as its mission to foster a global web infrastructure that is more accessible, trusted and secure.

<https://investors.fastly.com/news/news-details/2023/Fastly-Expands-Domains-API-and-TLS-Capabilities-with-Domainr-Acquisition-and-General-Availability-of-Certainly-Certification-Authority/default.aspx>

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home