[Newsclips] IETF SYN-ACK Newspack 2020-06-20

David Goldstein <david@goldsteinreport.com> Mon, 22 June 2020 12:02 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/newsclips/gfESNDgG3pKFbg5-GseGanFOgD0>

The IETF SYN-ACK Newspack aims to help track where, when, and how IETF-related issues are presented in a variety of news outlets and other online publications around the world.

 

**********************

IETF IN THE NEWS

**********************

The Bigger the News, the Bigger the Cyber Threats

... Over the last 15 years, the IETF has standardized new technologies to make it harder for cybercriminals to abuse the domains that send legitimate email. Three of these technologies — each a different component of email authentication — are essential to preventing a significant amount of the fraud we see today.

<https://www.darkreading.com/vulnerabilities---threats/the-bigger-the-news-the-bigger-the-cyber-threats/a/d-id/1338079>

 

IPv6 Enhanced Innovation, Embracing the IP Future in 5G & Cloud Era

... Based on IPv6, SRv6 standard has also made great progress. IETF officially released in March the SRv6 standard document RFC8754, which defines the encapsulation format of the SRv6 Segment Routing Header (SRH). This laid a solid foundation for large-scale commercial use of SRv6 and multi-vendor interoperability. Bruno Decraene, a senior architect from Orange, co-chair of the IETF’s SPRING working group, shared the latest progress of SRv6 standardization and the adoption perspectives.

<https://telecoms.com/intelligence/ipv6-enhanced-innovation-embracing-the-ip-future-in-5g-cloud-era/>

 

Help secure the top UK entry point for cyberfraud

... Ofcom refers to the IETF group set up to “tackle the issues” related to VOIP spoofing. How active are it and the UK telcos with regard to testing and/or implementing the “solutions” that have been proposed which might reduce, albeit not eliminate, the problems as they affect those in the UK.

<https://www.computerweekly.com/blog/When-IT-Meets-Politics/Help-secure-the-top-UK-entry-point-for-cyberfraud>

 

GitHub to change ‘master’ and ‘slave’ coding terms deemed as ‘oppressive metaphors,’ racially ‘inappropriate’

... Web developer Scott Hanselman also demonstrated how to rename the default branch from master to main in his blog on June 8. Hanselman cited IETF in explaining that the master and slave terms used in coding “is an oppressive metaphor.” The terms are also noted as “inappropriate,” “arcane” and “technically and historically inaccurate.”

<https://technology.inquirer.net/101012/github-to-change-master-and-slave-coding-terms-deemed-as-oppressive-metaphors-racially-inappropriate>

 

GitHub to retire 'master' label to erase slavery connotations

... Incidentally, Microsoft programmer, Scott Hanselman, last week published a blog echoing calls from the IETF that the ‘master-slave’ terminology is inappropriate. He also demonstrated how developers could replace the terms in their projects without much hassle.

<https://www.itpro.co.uk/software/development/356065/github-to-retire-master-label-to-erase-slavery-connotations>

 

GitHub to change ‘master’ and ‘slave’ coding terms deemed as ‘oppressive metaphors,’ racially ‘inappropriate’

<https://www.msn.com/en-ph/news/other/ef-bb-bfgithub-to-change-e2-80-98master-e2-80-99-and-e2-80-98slave-e2-80-99-coding-terms-deemed-as-e2-80-98oppressive-metaphors-e2-80-99-racially-e2-80-98inappropriate-e2-80-99/ar-BB15INKf>

 

Words Matter: Finally, Tech Looks at Removing Exclusionary Language

... The IETF, which focuses primarily on readable, clear, consistent, and reasonable uniform language, has also recently updated its memo on Technology, Power and Inclusive Language, which already focused on the need for exclusion of master/slave, as well as whitelist/blacklist, from industry-standard terminology.

<https://thenewstack.io/words-matter-finally-tech-looks-at-removing-exclusionary-language/>

 

Programatorii vor să interzică termenii rasişti din limbajele de programare [Programmers want to ban racist terms from programming languages]

... The IETF, the international consortium that discusses and publishes computing standards, makes a series of suggestions, including "blocklist" and "allowlist", or even "primary-secondary" for the "master-slave" pairing.

<https://www.bihon.ro/stiri-internationale/mapamond/programatorii-vor-sa-interzica-termenii-rasisti-din-limbajele-de-programare-2309178/>

 

GitHub ne veut plus parler d’architecture « maître-esclave », des termes trop connotés [GitHub no longer wants to talk about "master-slave" architecture, terms that are too connoted]

... Reflection on the expression master-slave in a computing context is in fact not new. It exists, for example, within the IETF, a body that standardizes protocols on the net. For example, a working document published in 2018 and titled "Terminology, Power and Oppressive Language" made the case for alternative expressions.

<https://www.numerama.com/tech/630789-github-ne-veut-plus-parler-darchitecture-maitre-esclave-des-termes-trop-connotes.html>

 

What is a SIP Phone? An Intro to SIP Technology

... Created in the 90s and standardized by the IETF, SIP transforms professional conversations. SIP created a new environment which paved the way for concepts like meeting rooms and digital collaboration.

<https://www.uctoday.com/unified-communications/what-is-a-sip-phone/>

 

Security standards and their role in 5G

... The main standardization organization for mobile networks is 3GPP, and the security for 3G through 5G has been defined in the security group SA3. The security architecture, as defined by 3GPP SA3, in turn comprises security solutions from several different standardization organizations. The IETF defines security protocols such as IPsec, EAP, and TLS which are incorporated in the 5G security architecture. A 5G network is built using cloud and virtualization technologies, and ETSI ISG NFV defines security for network functions virtualization (NFV). Crypto solutions such as AES are standardized by NIST, and the recently approved NESAS framework for security assurance is a joint effort between 3GPP SA3 and GSMA. All these different components together form the security standard for 5G.

<https://www.ericsson.com/en/blog/2020/6/security-standards-role-in-5g>

 

IETF工作组如何认领个人草案 [How the IETF Working Group claims individual drafts]

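Editor's note: To realize the strategy of becoming a strong network power, more and more engineers are submitting individual drafts to the IETF, hoping that they will one day become RFCs.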

<https://www.edu.cn/xxh/yc/202006/t20200619_1734123.shtml>

 

**********************

INTERNET OF THINGS

**********************

The Internet of Things Has a Consent Problem

Consent has become a big topic in the wake of the Me Too movement. But consent isn’t just about sex. At its core, it’s about respect and meeting people where they are at. As we add connected devices to homes, offices, and public places, technologists need to think about consent.

<https://spectrum.ieee.org/telecom/security/the-internet-of-things-has-a-consent-problem>

 

**********************

SECURITY & PRIVACY

**********************

The additional complications in DNS updates that secondary DNS servers add

I was recently reading Julia Evans' What happens when you update your DNS? (which is a great clear explanation of what it says), and it brought back some painful memories of the old days (which are still the current days for some people), which I might as well share.

<https://utcc.utoronto.ca/~cks/space/blog/sysadmin/DNSUpdatesAndSecondaries?showcomments>

 

... NSA Pilot Secures Defense Contractors

The NSA recently launched a pilot program to bolster the U.S. defense industrial base against malware, the head of the agency’s Cybersecurity Directorate said Thursday. The effort to secure a group of defense contractors’ Domain Name System protocols, dubbed “Secure DNS,” started six weeks ago with the intention of learning whether it’s a model that can “jumpstart their security, particularly for smaller- and medium-sized companies that may not have the ability to invest the resources or the right-skilled personnel,” Anne Neuberger said during Defense One’s Tech Summit. “We know they’re targets because they’re building weapons technology for the department.”

<https://www.politico.com/newsletters/morning-cybersecurity/2020/06/19/nsa-launches-secure-dns-788668>

 

Why AI Is The Future Of Remote Security Monitoring

Bottom Line: Real-time analysis of remote video feeds is rapidly improving thanks to AI, increasing the accuracy of remote equipment and facility monitoring. Agriculture, construction, oil & gas, utilities, and critical infrastructure all need to merge cybersecurity and physical security to adapt to an increasingly complex threatscape. What needs to be the top priority is improving the accuracy, insight, and speed of response to remote threats that AI-based video recognition systems provide. Machine learning techniques as part of a broader AI strategy are proving effective in identifying anomalies and threats in real-time using video, often correlating them back to cyber threats, which are often part of an orchestrated attack on remote facilities.

<https://www.forbes.com/sites/louiscolumbus/2020/06/21/why-ai-is-the-future-of-remote-security-monitoring/>

 

NSA pilots secure DNS model to protect against malware attacks

The US National Security Agency (NSA) is working on a secure DNS model with an aim to protect American defence contractors from malware attacks.

<https://www.computing.co.uk/news/4016730/nsa-pilots-secure-dns-model-protect-malware-attacks>

 

Phishing becoming more prolific and impregnable - report

The most prolific form of cyber attack to emerge in the COVID-19 era is becoming even more targeted and difficult to defend against as the pandemic wears on, according to new research released by ProPrivacy.

<https://securitybrief.co.nz/story/phishing-becoming-more-prolific-and-impregnable-report>

 

‘Pandemic effect’ drives increase in number and severity of DDoS attacks

Since the Covid-19 pandemic forced people indoors, DDoS attacks have risen by “virtually every metric”. According to a new report from Neustar, the overall number of attacks, their severity and intensity have all increased. In the first quarter of the year, Neustar mitigated more than twice the number of attacks than in the same period of the previous year.

<https://www.itproportal.com/news/pandemic-effect-drives-increase-in-number-and-severity-of-ddos-attacks/>

 

COVID-19 Online Traffic and Attack Data Report

During the isolation of the COVID-19 pandemic, it probably felt like you were all alone, even online. In fact, you had a lot of company…and some of it was unwanted. The increasing dependence on the Internet, along with the surge of traffic, brought a jackpot to cybercriminals.

<https://www.home.neustar/resources/whitepapers/covid-19-online-traffic-and-attack-data-report>

 

Foreign government behind major cyber attack on Australian governments and business, PM says

Prime Minister Scott Morrison says Australian organisations, including governments and businesses, are currently the targets of sustained attacks by a sophisticated foreign "state-based" hacker.

<https://www.abc.net.au/news/2020-06-19/foreign-cyber-hack-targets-australian-government-and-business/12372470>

 

'Cyber attacks' point to China's spy agency, Ministry of State Security, as Huawei payback, say former Australian officials

"Cyber attacks" on Australian government and industry bodies are most likely being directed by China's premier intelligence agency in retaliation for banning telco Huawei from the 5G network, experts have told the ABC.

<https://www.abc.net.au/news/2020-06-19/cyber-attacks-likely-huawei-5g-ban-payback-from-china-spy-agency/12374374>

 

Australian cyber attack not ‘sophisticated’ – just a wake-up call for businesses, experts say

The “sophisticated state-based” cyber-attack Australian prime minister Scott Morrison has warned about is not particularly sophisticated, according to experts, but serves as a wake-up call for businesses to keep their systems patched and secure, and to remain alert.

<https://www.theguardian.com/technology/2020/jun/19/australian-cyber-attack-not-sophisticated-just-a-wake-up-call-for-businesses-experts-say>

 

Australian cyber attack: Which countries would do it?

Cyber security expert Joshua Kennedy-White tells the BBC there are four countries with the capability and intent to carry out a cyber attack on Australia.

<https://www.bbc.com/news/av/world-australia-53102997/australian-cyber-attack-which-countries-would-do-it>

 

Eric Schmidt: Huawei has engaged in unacceptable practices

Huawei poses challenges to national security and has engaged in unacceptable acts, Google's former boss Eric Schmidt has told the BBC.

<https://www.bbc.com/news/technology-53080113>

 

EU grants €38 million for protection of critical infrastructure against cyber threats 

The Commission has announced that it is committing more than €38 million, through Horizon 2020, the EU's research and innovation programme, to support several innovative projects in the field of protection of critical infrastructure against cyber and physical threats and making cities smarter and safer.

<https://ec.europa.eu/digital-single-market/en/news/eu-grants-eu38-million-protection-critical-infrastructure-against-cyber-threats>

 

DevSecOps Isn’t Sexy but among the Key Tools to Strengthen Cybersecurity

The persistent quest to improve enterprise cybersecurity commonly sparks a host of big-picture topics. Among other things, there is the desire to ramp up cybersecurity analytics and the growing movement in corporate boardrooms to improve oversight of cybersecurity strategy.

<https://www.rsaconference.com/industry-topics/blog/devsecops-isnt-sexy-but-among-the-key-tools-to-strengthen-cybersecurity>

 

The Bright Side of the Dark Web: As the hitmen and fraudsters retreat, the Dark Web could become freedom's most important ally.

The Dark Web has had some seriously bad press. It's blamed for everything from the proliferation of child pornography, to facilitating cyber fraud, peddling hard drugs, hacking email inboxes, selling malware, supporting ISIS, and even allowing people to hire contract killers. But what if there was a brighter side to the phenomenon that we've learned to see as "dark" and "shady"? While it would be foolish to ignore the very real abuses on the Dark Web, there's actually a case to be made in its defense, from freeing dissidents to share information, to protecting whistleblowers from persecution. Here are three reasons to give it a second glance.

<https://www.darkreading.com/the-bright-side-of-the-dark-web/a/d-id/1338020>

 

**********************

TLS

**********************

Where is the DNS Headed? by Geoff Huston

I was on a panel at the recent Registration Operations Workshop on the topic of DNS Privacy and Encryption. The question I found myself asking was: “What has DNS privacy to do with registration operations?” The registration function is part of the process of public attestation relating to some form of title of exclusive control. But the name registration entry has very little if anything to do with the manner of resolution of that name. It should not matter in the least if a client uses plain DNS, DNS over TLS, DNS over HTTPS, DNS over QUIC or DNS over anything else to pass a query to a recursive resolver. 

<https://www.potaroo.net/ispcol/2020-06/row.html>

 

**********************

OTHERWISE NOTEWORTHY

**********************

OECD to host Secretariat of new Global Partnership on Artificial Intelligence

The OECD will host the Secretariat of the new Global Partnership on AI (GPAI), a coalition launched today that aims at ensuring that Artificial Intelligence is used responsibly, respecting human rights and democratic values. Arrangements for the OECD’s role as host will be finalised in the coming days.

<http://www.oecd.org/going-digital/ai/oecd-to-host-secretariat-of-new-global-partnership-on-artificial-intelligence.htm>

<http://www.oecd.org/internet/oecd-to-host-secretariat-of-new-global-partnership-on-artificial-intelligence.htm>

 

Brian Rosen to Serve as Additional RFC Editor Future Development Program Chair

The IAB has selected Brian Rosen to serve as an additional chair of the RFC Editor Future Development Program, joining current chair Eliot Lear. Together, the chairs will set the detailed agenda, manage the program, and call consensus among the participants. The program also has two liaisons from the IAB to assist with logistical matters, Wes Hardaker and Jared Mauch.

<https://www.iab.org/2020/06/17/brian-rosen-to-serve-as-additional-rfc-editor-future-development-program-chair/>

 

World Economic Forum Announces 100 New Technology Pioneers In 2020 Cohort

The World Economic Forum announced today its 2020 Technology Pioneers, future headline-makers addressing global issues with cutting-edge technology. From artificial intelligence (AI) to carbon capture, this year’s cohort is using innovations to protect the climate, improve healthcare and much more, helping us to reset society and build towards a better future.

<https://www.weforum.org/press/2020/06/world-economic-forum-announces-100-new-technology-pioneers-in-2020-cohort>

 

Measuring IPv6 by Geoff Huston

It's now the season of virtual workshops, and without the overhead of time spent travelling to these events it’s been possible to participate in a number of these events all over the Internet in the space of a few days.

<https://www.potaroo.net/ispcol/2020-06/m6w.html>

 

DNS OARC32a Meeting Report by Geoff Huston

Once the realisation sunk in that the lockdown response to the COVID-19 pandemic was not a short-term hiatus in our lives but a new normal, at least for a while, then a set of meetings and workshops have headed into the online space. For many years I have been a keenly interested participant in the meetings organised by the DNS Operations and Research Community, or DNS OARC. This time around its most recent meeting headed into the online space. Here's my impressions of the material presented at the online DNS OARC 32a meeting.

<https://www.potaroo.net/ispcol/2020-06/oarc32a.html>

 

Technology Adoption in the Internet by Geoff Huston

How are new technologies adopted in the Internet? What drives adoption? What impedes adoption? These were the questions posed at a panel session at the recent EuroDiG workshop in June. In many ways this is an uncomfortable question for the Internet, given the uncontrolled runaway success of the Internet in its first two decades.

<https://www.potaroo.net/ispcol/2020-06/tech.html>

 

China's Proposed Internet Wrests Control From Users

The next-generation Internet proposed by Huawei and supported by the Chinese government would provide a platform for revolutionary capabilities while implementing repressive measures that would eliminate today’s open communication. At worst, it would place control of Internet content in the hands of a few masters. But even if it does not subsume the entire Internet, it would cripple the interoperability that has characterized the network’s value as an economic growth engine by creating separate and unequal Internets.

<https://www.afcea.org/content/china’s-proposed-internet-wrests-control-users>

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home