[Newsclips] IETF SYN-ACK Newspack 2021-07-26

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

IAB report to the community for IETF 111

This is the IAB report for the period between IETF 110 and IETF 111. This report presents a summary of activities.

< <https://www.iab.org/2021/07/23/iab-report-to-the-community-for-ietf-111/> https://www.iab.org/2021/07/23/iab-report-to-the-community-for-ietf-111/>

 

The future of digital twins: what will they mean for mobile networks?

... One the other hand, there is a need to understand the bigger picture on how digital twins will fit in an evolved network architecture. There are currently efforts ongoing in standardization (IETF & ITU-T) to define architectures for digital twins in a network context. Once these mature, they will form the basis for creating frameworks and solutions for different use cases, both those mentioned above and future use cases yet to be discovered.

< <https://www.ericsson.com/en/blog/2021/7/future-digital-twins-in-mobile-networks> https://www.ericsson.com/en/blog/2021/7/future-digital-twins-in-mobile-networks>

 

What Is TLS 1.2 and why should we still care?

... In 2018, the IETF finalised and published TLS 1.3, making it the most advanced and secure cryptography protocol available. TLS 1.3 improved web performance and security by increasing TLS handshake speed, improving load times, and removing obsolete and insecure TLS 1.2 cipher suites, such as the RSA key exchange algorithm, the RC4 stream cipher, the CBC mode cipher, and others.

< <https://itwire.com/strategy/what-is-tls-1-2-and-why-should-we-still-care.html> https://itwire.com/strategy/what-is-tls-1-2-and-why-should-we-still-care.html>

< <https://securitybrief.com.au/story/what-is-tls-1-2-and-why-should-we-still-care> https://securitybrief.com.au/story/what-is-tls-1-2-and-why-should-we-still-care>

 

Missing Link: How China wants to become a world power in standardization

... European countries like Germany in particular set early industrial standards. A few decades ago, many countries and companies around the world simply adopted DIN standards. Today, however, standards for the Internet are mainly created by bodies based in the USA such as the IETF or the World Wide Web Consortium (W3C). In the Internet of Things (IoT), Industry 4.0, the new generations of mobile communications 5G and 6G, as well as other future technologies such as e-mobility, Beijing now wants to be one step ahead.

< <https://marketresearchtelecast.com/missing-link-how-china-wants-to-become-a-world-power-in-standardization/112135/> https://marketresearchtelecast.com/missing-link-how-china-wants-to-become-a-world-power-in-standardization/112135/>

 

Missing Link: Wie sich China zur Normungsweltmacht aufschwingen will [Missing Link: How China wants to become a world power in standardization]

... Frühe Industriestandards setzten vor allem europäische Länder wie Deutschland. Vor einigen Jahrzehnten übernahmen viele Staaten und Unternehmen auf der Welt noch einfach DIN-Normen. Heute werden Standards für das Internet dagegen vor allem von Gremien mit Sitz in den USA wie der IETF oder dem World Wide Web Consortium (W3C) geschaffen. Im Internet der Dinge (IoT), bei der Industrie 4.0, den neuen Mobilfunkgenerationen 5G und 6G sowie anderen Zukunftstechnologien wie der E-Mobilität will Peking nun die Nase vorn haben.

< <https://www.heise.de/hintergrund/Missing-Link-Wie-sich-China-zur-Normungsweltmacht-aufschwingen-will-6146295.html> https://www.heise.de/hintergrund/Missing-Link-Wie-sich-China-zur-Normungsweltmacht-aufschwingen-will-6146295.html>

 

Der zukunftssicheren industriellen Kommunikation ein Stück näher [A step closer to future-proof industrial communication]

... Die Profibus Nutzerorganisation teilt mit, dass die in der IEC/IEEE 60802 entstanden Definitionen direkt in die Profinet-Spezifikation übernommen werden konnten. So sind beispielsweise das Gerätemodell für End-Stations und Bridges der aktuellen Ausgabe der IEEE802.1Q sowie die Anforderungen aus dem Konfigurationsmodell von NetConf/YANG und des Security-Konfigurationsmodell der IETF enthalten.

< <https://www.elektrotechnik.vogel.de/der-zukunftssicheren-industriellen-kommunikation-ein-stueck-naeher-a-1041134/> https://www.elektrotechnik.vogel.de/der-zukunftssicheren-industriellen-kommunikation-ein-stueck-naeher-a-1041134/>

 

Privatsphärenschutz: DNS-Verschlüsselung im Feldversuch bei der Telekom [Privacy protection: DNS encryption in field trials at Deutsche Telekom] [full article subscription only]

... DoH ist jedoch nicht der einzige Weg, DNS-Daten zu verschlüsseln. Mit DNSCrypt gibt es bereits seit Jahren ein Verfahren dafür, das sich allerdings noch nicht auf breiter Front durchgesetzt hat. Später sind unter dem Dach der IETF DNS-over-TLS (DoT) und DNS-over-HTTPS entstanden.

< <https://www.heise.de/hintergrund/Privatsphaerenschutz-DNS-Verschluesselung-im-Feldversuch-bei-der-Telekom-6139243.html> https://www.heise.de/hintergrund/Privatsphaerenschutz-DNS-Verschluesselung-im-Feldversuch-bei-der-Telekom-6139243.html>

 

Was ist das Constrained Application Protocol (CoAP)? [What is the Constrained Application Protocol (CoAP)?]

... Das Akronym für Constrained Application Protocol lautet CoAP. Es handelt sich um ein von der IETF und von der Constrained RESTful Environments Working Group (CoRE) entwickeltes Web-Transfer-Protokoll.

< <https://www.bigdata-insider.de/was-ist-das-constrained-application-protocol-coap-a-1039737/> https://www.bigdata-insider.de/was-ist-das-constrained-application-protocol-coap-a-1039737/>

 

Incomunicabilità tra app di chat: a chi conviene e come superarla: Vittorio Bertola [Incommunicability between chat apps: who benefits and how to overcome it]

... Organizzazioni come IETF e W3C hanno una tradizione in tal senso, anche se nella pratica sono poi spesso dominate dalle stesse aziende che dominano il mercato dei servizi online, ed è quindi necessario anche garantire un accesso più forte a queste organizzazioni da parte delle comunità e delle aziende Internet europee. Tuttavia, l’esperienza già citata di servizi come email, web, o degli stessi protocolli di basso livello che trasportano i bit sulla rete, dimostra che tutto questo è ampiamente possibile.

< <https://www.agendadigitale.eu/mercati-digitali/incomunicabilita-tra-app-di-chat-a-chi-conviene-e-come-superarla/> https://www.agendadigitale.eu/mercati-digitali/incomunicabilita-tra-app-di-chat-a-chi-conviene-e-come-superarla/>

 

Le chat di Telegram sono al sicuro o no? Facciamo chiarezza [Are Telegram chats safe or not? Let's clarify]

... Stefano Zanero: "Ci sono varie definizioni del termine. Standard può voler dire che è stato così definito da un comitato internazionale oppure che si è imposto di fatto, cioè una serie di aziende hanno iniziato a utilizzarlo ed è diventato una cosa che effettivamente tutti usano perché funziona. Nel caso dei protocolli crittografici possono succedere entrambe le cose. Il protocollo TLS (Transport Layer Security) che usiamo per cifrare le nostre comunicazioni con i siti web è uno standard creato dalla IETF."

< <https://www.dday.it/redazione/40121/sicurezza-chat-telegram> https://www.dday.it/redazione/40121/sicurezza-chat-telegram>

 

关于加快推进互联网协议第六版（IPv6）规模部署和应用工作的通知 [Notice on accelerating the deployment and application of the sixth edition (IPv6) of the Internet Protocol]

... 28.积极参与国际标准制定。加强与互联网工程任务组（IETF）、欧洲电信标准化协会（ETSI）等国际标准化组织合作，积极参与IPv6相关国际标准制定。

< <https://finance.sina.com.cn/tech/2021-07-23/doc-ikqcfnca8610425.shtml> https://finance.sina.com.cn/tech/2021-07-23/doc-ikqcfnca8610425.shtml>

< <https://hk.investing.com/news/stock-market-news/article-178621> https://hk.investing.com/news/stock-market-news/article-178621>

 

**********************

SECURITY & PRIVACY

**********************

Spamhaus Botnet Threat Update: Q2-2021

This quarter, the Spamhaus researchers have observed a 12% reduction in newly observed botnet command and controllers (C&Cs), which is good news. However, it’s not good news for everyone; more than one industry-leading provider is suffering under the weight of active botnet C&Cs on their networks.

< <https://www.spamhaus.org/news/article/813/spamhaus-botnet-threat-update-q2-2021> https://www.spamhaus.org/news/article/813/spamhaus-botnet-threat-update-q2-2021>

 

us: Safeguarding Critical Infrastructure against Threats from the People’s Republic of China

As today’s announcement from the White House indicates, the cyber threat from the People’s Republic of China (PRC) continues to evolve and poses a real risk to the nation’s critical infrastructure, as well as businesses and organization of all sizes at home and around the world. CISA regularly shares actionable information to help security professionals and leadership manage risk and protect their systems against a range of threats.

< <https://www.cisa.gov/blog/2021/07/19/safeguarding-critical-infrastructure-against-threats-peoples-republic-china> https://www.cisa.gov/blog/2021/07/19/safeguarding-critical-infrastructure-against-threats-peoples-republic-china>

 

us: CISA Updates Toolkit to Promote Public Safety Communications and Cyber Resiliency

The Cybersecurity and Infrastructure Security Agency (CISA) collaborates with public safety, national security, and emergency preparedness communities to enhance seamless and secure communication to keep America safe, secure, and resilient. Any interruption in communications can have a cascading effect, impacting the public safety agency’s ability to deliver critical lifesaving services to the community. Therefore, public safety agencies carefully plan, implement, and review communications capabilities for resiliency to maintain daily communications abilities and prepare in advance for emergency events.

< <https://www.cisa.gov/blog/2021/07/21/cisa-updates-toolkit-promote-public-safety-communications-and-cyber-resiliency> https://www.cisa.gov/blog/2021/07/21/cisa-updates-toolkit-promote-public-safety-communications-and-cyber-resiliency>

 

CIS Podcast: Cybersecurity Where You Are Ep.11

Zero trust is an important information security architectural shift. Cyber breaches have increased in intensity, frequency and most alarmingly, impact, causing many organizations to try to figure out how to manage continuous cyber threats, while still communicating and maintaining trust to their stakeholders. Attestation can provide system-level remediation and resiliency, while ensuring transparency of compliance with industry security controls and benchmarks.

< <https://www.cisecurity.org/blog/cis-podcast-cybersecurity-where-you-are-ep-11/> https://www.cisecurity.org/blog/cis-podcast-cybersecurity-where-you-are-ep-11/>

 

**********************

INTERNET OF THINGS

**********************

IoT Non-Technical Supporting Capabilities: You Talked, We Listened

As part of our ongoing community engagement following the publication of four IoT cybersecurity draft documents in December 2020, NIST conducted a quartet of roundtable discussions in June 2021 focused on draft NISTIR 8259B, IoT Non-Technical Supporting Capability Core Baseline. The roundtables spanned four weeks, and addressed the four core capabilities defined in NISTIR 8259B as well as general discussions on applying the baseline:

< <https://www.nist.gov/blogs/cybersecurity-insights/iot-non-technical-supporting-capabilities-you-talked-we-listened> https://www.nist.gov/blogs/cybersecurity-insights/iot-non-technical-supporting-capabilities-you-talked-we-listened>

 

Opinion: The Internet of Things can improve Southern California traffic. Here’s how. by Laura Guio, IBM’s executive leader for IBM employees across California

As early signs of a return to normalcy mount with the nation’s vaccinations, there is one thing no one is eager to see return: the choking traffic jams that are such an iconic part of the urban California experience.

< <https://www.sandiegouniontribune.com/opinion/commentary/story/2021-07-19/california-traffic-technology-data-ibm-internet-solutions> https://www.sandiegouniontribune.com/opinion/commentary/story/2021-07-19/california-traffic-technology-data-ibm-internet-solutions>

 

Internet of Things in desperate need of more robust identity and access management

The future of identity and access management in the Internet of Things will escape the confines of user-focused identity and transition toward a more inclusive model, according to a new analysis research report by ABI Research.

< <https://itbrief.com.au/story/internet-of-things-in-desperate-need-of-more-robust-identity-and-access-management> https://itbrief.com.au/story/internet-of-things-in-desperate-need-of-more-robust-identity-and-access-management>

 

Internet of things: Getting the billing basics right

The fourth industrial revolution offers tremendous opportunities for economic growth, as well as significant challenges for a low-skill economy like South Africa. In particular, the internet of things (IOT), the growing number of objects connected to the network, most frequently via SIM cards, offers a host of opportunities for entrepreneurs to devise products and services to improve current businesses or indeed create new ones. Analysts predict that in the European market alone, spending on the IOT will reach $202 billion in 2021 and will continue to experience double-digit growth through 2025.

< <https://www.itweb.co.za/content/RgeVDqPYL9WvKJN3> https://www.itweb.co.za/content/RgeVDqPYL9WvKJN3>

 

**********************

OTHERWISE NOTEWORTHY

**********************

RFC 9075 on Report from the IAB COVID-19 Network Impacts Workshop 2020

Abstract: The Coronavirus disease (COVID-19) pandemic caused changes in Internet user behavior, particularly during the introduction of initial quarantine and work-from-home arrangements. These behavior changes drove changes in Internet traffic. The Internet Architecture Board (IAB) held a workshop to discuss network impacts of the pandemic on November 9-13, 2020. The workshop was held to convene interested researchers, network operators, network management experts, and Internet technologists to share their experiences. The meeting was held online given the ongoing travel and contact restrictions at that time.

< <https://www.iab.org/2021/07/23/rfc-9075-on-report-from-the-iab-covid-19-network-impacts-workshop-2020/> https://www.iab.org/2021/07/23/rfc-9075-on-report-from-the-iab-covid-19-network-impacts-workshop-2020/>

 

Akamai Summarizes Service Disruption (RESOLVED)

At 15:45 UTC on July 22, 2021, a software configuration update triggered a bug in our Secure Edge Content Delivery Network impacting that network's domain name service (DNS) system (the system that directs browsers to websites for that specific service). This caused a disruption impacting availability of some customer websites. The disruption lasted up to an hour. Upon rolling back the software configuration update, the services resumed normal operations.

< <https://blogs.akamai.com/2021/07/akamai-summarizes-service-disruption-resolved.html> https://blogs.akamai.com/2021/07/akamai-summarizes-service-disruption-resolved.html>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home