[Newsclips] IETF SYN-ACK Newspack 2020-12-14

David Goldstein <david@goldsteinreport.com> Mon, 14 December 2020 09:46 UTC


The IETF SYNACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Event Wrap: IETF 109

APNIC participated in IETF 109, held online from 16 to 20 November 2020. The event welcomed around 1,000 participants; there were over 100 working group sessions, including five new working groups meeting for the first time.

<https://blog.apnic.net/2020/12/08/event-wrap-ietf-109/>

 

Standardising an end-to-end encrypted messaging protocol at the IETF

Last month, an Austrian media report kicked up a storm by suggesting that the Council of the European Union was drafting a resolution to prohibit the use of end-to-end encrypted communication. This was quickly corrected: the draft resolution, in fact, affirms the previous position of previous EU policy documents that recognise the importance of end-to-end encryption (E2EE) in providing secure and private communication.

<https://www.centr.org/news/blog/ietf109-e2ee.html>

 

International Law and Cyberspace: It's the "How", Stupid by Wolfgang Kleinwächter

... Niels ten Oever has worked for many years with the human rights organization "Article 19". His "Wired Norms: Inscription, resistance and subversion in the governance of the Internet infrastructure" is based on his dissertation, which he defended in summer 2020 at the University of Amsterdam. He analyzes the interrelationship between technical arrangements and legal norms, particularly in human rights. He looks into policies and practices of three technical organizations — ICANN, IETF and the Regional Internet Registries (RIRs) — and identifies frictions between the multilateral Internet Governance regime, which regulate public policy issues (as privacy or information content) and self-regulatory multistakeholder and private Internet governance regimes, which are dealing with technical issues (as Internet protocols, standards, domain names and IP addresses).

<http://www.circleid.com/posts/20201210-international-law-and-cyberspace-its-the-how-stupid/>

 

Distinguishing Among DNS Services Part 2: The Economics

... Finally, there is value in partnering with a DNS provider that continuously invests and reinvests in product improvements and enhancements that add efficiency, boost performance, and protect digital footprints. Akamai recently coauthored an important new IETF standard, and extended our DevOps capabilities, to name just two of the enhancements highlighted in our October 2020 Platform Update.

<https://securityboulevard.com/2020/12/distinguishing-among-dns-services-part-2-the-economics/>

 

NTT and NEC in alliance to take on GAFA with open standards

... In the past standards emerged from the International Telecommunication Union (ITU), said Shibutani. “They decided everything, such as telephone numbers, country codes and routes.” Power has moved to the IETF as a de facto standards body, he added, but the result is “people from English-speaking countries keep working on their own standards”.

<https://www.capacitymedia.com/articles/3827161/ntt-and-nec-in-alliance-to-take-on-gafa-with-open-standards>

 

NENA Releases New Version of NG 9-1-1 i3 Standard, Seeks Comment

... Version 3 includes key updates to NG 9-1-1 infrastructure to ensure continued support for interoperability on a national and international scale. Version 3 changes include a move to a representational state transfer (REST)/JavaScript object notation (JSON) architecture for data interactions between functional elements and systems, improvements to security, major updates to the call bridging, discrepancy reports, an outgoing call interface function, blind transfer support, and updates to novel call types including non-interactive calls and advanced automatic crash notifications (AACNs). Version 3 also incorporates a number of new IETF specifications and has made adjustments to addressing to harmonize schemes across Europe and North America.

<https://www.rrmediagroup.com/News/NewsDetails/NewsID/20298>

 

Wireshark 3.4.1

New and Updated Features: IETF QUIC TLS decryption errors when a NAT rebinding happens for a connection Bug 16915.

<https://www.neowin.net/news/wireshark-341/>

 

Oblivious DNS over HTTPS (ODoH): an attempt to improve DNS privacy

... Oblivious DNS over HTTPS (ODoH) is just a proposed protocol as of now and needs to be approved by the IETF before it is adopted across the web. Even though Cloudflare suggests that, so far, it has got companies like PCCW, SURF, and Equinix as its proxy partners to help with the launch of the protocol and that it has added the ability to take ODoH requests on its 1.1.1.1 DNS service, the truth of the matter is that, unless web browsers natively add support for the protocol, you can not use it.

<https://techpp.com/2020/12/14/odoh-oblivious-dns-over-https-explained/>

 

Oblivious DoH: Cloudflare supports new privacy, security-focused DNS standard

... DNS over HTTPS (DoH) and DNS over TLS (DoT), were engineered to safeguard these paths through IETF standardized DNS encryption, reducing the risk of queries being intercepted or modified -- for example, by preventing attackers from redirecting users from legitimate domains to malicious addresses. Third-parties, such as ISPs, also find it more difficult to trace website visits when DoH is enabled.

<https://www.zdnet.com/article/oblivious-doh-cloudflare-supports-a-new-privacy-security-focused-dns-standard/>

 

Cloudflare, Apple, and others back a new way to make the Internet more private: New DNS technique separates address lookups from the people making them.

For more than three decades, the Internet’s most key underpinning has posed privacy and security threats to the billion-plus people who use it every day. Now, Cloudflare, Apple, and content-delivery network Fastly have introduced a novel way to fix that using a technique that prevents service providers and network snoops from seeing the addresses end users visit or send email to. Engineers from all three companies have devised Oblivious DNS, a major change to the current domain name system that translates human-friendly domain names into the IP addresses computers need to find other computers over the Internet. The companies are working with the IETF in hopes it will become an industry-wide standard. Abbreviated as ODoH, Oblivious DNS builds off a separate DNS improvement called DNS over HTTPS, which remains in the very early stages of adoption.

<https://arstechnica.com/information-technology/2020/12/cloudflare-apple-and-others-back-a-new-way-to-make-the-internet-more-private/>

 

Improving DNS Privacy with Oblivious DoH in 1.1.1.1

Today we are announcing support for a new proposed DNS standard — co-authored by engineers from Cloudflare, Apple, and Fastly — that separates IP addresses from queries, so that no single entity can see both at the same time. Even better, we’ve made source code available, so anyone can try out ODoH, or run their own ODoH service! ... To safeguard DNS from onlookers and third parties, the IETF standardized DNS encryption with DNS over HTTPS (DoH) and DNS over TLS (DoT). Both protocols prevent queries from being intercepted, redirected, or modified between the client and resolver.

<https://blog.cloudflare.com/oblivious-dns/>

 

Cloudflare and Apple design a new privacy-friendly internet protocol

... Sullivan said a few partner organizations are already running proxies, allowing for early adopters to begin using the technology through Cloudflare’s existing 1.1.1.1 DNS resolver. But most will have to wait until ODoH is baked into browsers and operating systems before it can be used. That could take months or years, depending on how long it takes for ODoH to be certified as a standard by the IETF.

<https://techcrunch.com/2020/12/08/cloudflare-and-apple-design-a-new-privacy-friendly-internet-protocol/>

<https://www.msn.com/en-us/news/technology/cloudflare-and-apple-design-a-new-privacy-friendly-internet-protocol/ar-BB1bKf8a>

 

Apple, Cloudflare Join Forces To Encrypt DNS

... "ODoH is an emerging protocol being developed at the IETF. ODoH works by adding a layer of public key encryption, as well as a network proxy between clients and DoH servers such as 1.1.1.1. The combination of these two added elements guarantees that only the user has access to both the DNS messages and their own IP address at the same time."

<https://www.techdirt.com/articles/20201208/11470145843/apple-cloudflare-join-forces-to-encrypt-dns.shtml>

 

Apple's new partnership might help close one of the web's worst privacy holes

... In order to safeguard DNS from third parties, the IETF standardized DNS encryption with DNS over HTTPS (DoH) and DNS over TLS (DoT). Both of these protocols prevent queries from being intercepted, redirected or modified but don't prevent DNS resolvers from seeing the websites you visit online.

<https://www.techradar.com/news/apples-new-partnership-might-help-close-one-of-the-webs-worst-privacy-holes>

<https://www.techradar.com/au/news/apples-new-partnership-might-help-close-one-of-the-webs-worst-privacy-holes>

 

CloudFlare Announces Support For Privacy-Focused Oblivious DNS Over HTTPS Protocol

... When DNS first launched and with implementations that remain today, data is sent in plaintext over the internet to resolve a website with DNS servers. Thus, the IETF standardized a new form of DNS calls named DNS over HTTPS (DoH) and DNS over TLS (DoT). Both of these standards encrypt the DNS data going to and fro over the internet, which “prevent[s] queries from being intercepted, redirected, or modified between the client and resolver.” While the standards are great, it raises concerns of single points of failure and the possibility that CloudFlare can still see the DNS requests, but oDoH plans to take care of that.

<https://hothardware.com/news/cloudflare-odoh-protocol>

 

Apple engineers partner with Cloudflare to improve internet privacy

... The longest wait will be for it to be certified as a standard by the IETF, which will make it more attractive to developers to implement.

<https://appleinsider.com/articles/20/12/08/apple-engineers-partner-with-cloudflare-to-improve-internet-privacy>

 

Apple and Cloudflare Develop New Privacy-Focused Internet Protocol

... Though it will likely first need to be certified as a standard by the IETF, considering that Apple was directly involved in developing the technology, it is not unreasonable to expect Apple to be among the first to integrate it in the future.

<https://www.macrumors.com/2020/12/08/apple-cloudfare-develop-privacy-internet-protocol/>

<https://www.ultimatepocket.com/apple-and-cloudflare-develop-new-privacy-focused-internet-protocol/>

 

Apple and Cloudflare's Oblivious DNS addresses a gap in the privacy protections of the internet's routing infrastructure

... Oblivious DNS would bake privacy protections into the fundamental addressing infrastructure of the internet. Right now it's just a proposed standard, but engineers are working within the IETF to formalize the protocol so it can be integrated into browsers and operating systems for wider adoption.

<https://www.businessinsider.com/apple-cloudflare-introduce-new-privacy-protecting-protocol-2020-12?r=AU&IR=T>

 

Cloudflare und Apple verbessern Datenschutz bei DNS-Anfragen [Cloudflare and Apple improve data protection for DNS requests]

... Oblivious DNS-over-HTTPS is now meant to remedy this. The protocol, which is overseen by the IETF, inserts an additional layer of public-key encryption as well as a network proxy between the clients and the DoH servers. "The combination of these two elements guarantees that only the user has access to both the DNS messages and their own IP address at the same time," Cloudflare said.

<https://www.zdnet.de/88390347/cloudflare-und-apple-verbessern-datenschutz-bei-dns-anfragen/>

 

Oblivious DNS: Apple, Cloudflare und Fastly wollen Privatsphäre im Web steigern [Oblivious DNS: Apple, Cloudflare and Fastly aim to increase privacy on the web]

... Those interested can already take a closer look at the technology. Whether it will eventually be used in iOS, macOS and the like remains to be seen. Even if the technology were fully developed, it would then still have to be certified by the "IETF" so that software developers also get the feeling that it is worth building the technology into their own products.

<https://macnotes.de/2020/12/09/oblivious-dns-apple-cloudflare-und-fastly-wollen-privatsphare-im-web-steigern/>

 

ODoH : Apple et Cloudflare poussent leur implémentation du DNS sécurisé [ODoH: Apple and Cloudflare push their implementation of secure DNS]

... The three companies are trying to standardise, through the IETF, their implementation of this extension of the DoH (DNS over HTTPS) protocol.

<https://www.silicon.fr/odoh-apple-cloudflare-dns-securise-354255.html>

 

Cloudflare et Apple travaillent sur le protocole Oblivious DoH (ODoH) avec l'IETF [Cloudflare and Apple are working on Oblivious DoH (ODoH) protocol with the IETF]

Engineers from Cloudflare, Apple and the content-delivery network Fastly have devised Oblivious DoH, a major change to the current domain name system, which translates human-friendly domain names into the IP addresses computers need to find other computers on the Internet. The companies are working with the IETF, in particular the standards that make up the Internet protocol suite) in the hope that it will become an industry-wide standard.

<https://web.developpez.com/actu/311105/Cloudflare-et-Apple-travaillent-sur-le-protocole-Oblivious-DoH-ODoH-avec-l-IETF-qui-s-appuie-sur-les-ameliorations-apportees-par-DNS-over-HTTPS-pour-mieux-proteger-les-donnees-des-internautes/>

 

DNS ancora più sicuri e rispettosi della privacy: arriva Oblivious DoH. Cos'è [Even more secure and privacy-respectful DNS: Oblivious DoH arrives. What is it]

... ODoH is an "emerging protocol" developed by the IETF: it is therefore not "an invention" of Cloudflare and its partners. It adds an additional layer of security by introducing public-key encryption as a network proxy between clients and DoH-compatible DNS servers.

<https://www.ilsoftware.it/articoli.asp?tag=DNS-ancora-piu-sicuri-e-rispettosi-della-privacy-arriva-Oblivious-DoH-Cos-e_22253>

 

Oblivious DoH, il nuovo DNS di Cloudflare che protegge la privacy [Oblivious DoH, Cloudflare's new DNS that protects privacy]

Cloudflare announced support for Oblivious DoH, a new DNS standard proposed to the IETF, authored by engineers from Cloudflare itself, Apple and Fastly, which separates IP addresses from queries, so that no single entity can see both at the same time.

<https://www.01net.it/oblivious-doh-nuovo-dns-cloudflare-protegge-privacy/>

 

La solución de Apple y Cloudflare para solucionar el gran problema de cómo funcionan las DNS: la privacidad [Apple and Cloudflare's solution to solving the big problem of how DNS works: privacy]

... To protect DNS from third parties, the IETF standardised DNS encryption with DNS over HTTPS (DoH) and also DNS over TLS (DoT). Both protocols are designed to prevent queries from being intercepted or redirected.

<https://www.xataka.com/pro/solucion-apple-cloudflare-para-solucionar-gran-problema-como-funcionan-dns-privacidad>

 

Cloudflare y Apple están trabajando en el protocolo ODoH con el IETF [Cloudflare and Apple are working on the ODoH protocol with IETF]

... The companies are working with the Internet Engineering Task Force (IETF, an organisation that develops and promotes Internet standards) in the hope that it will become a worldwide standard.

<https://blog.desdelinux.net/cloudflare-y-apple-estan-trabajando-en-el-protocolo-odoh-con-el-ietf/>

 

Cloudflare oferece suporte a um novo padrão DNS para a privacidade e segurança [Cloudflare supports a new DNS standard for privacy and security]

... DNS over HTTPS (DoH) and DNS over TLS (DoT) were designed to protect these paths through IETF-standardised DNS encryption. This reduces the risk of queries being intercepted or modified, for example by preventing attackers from redirecting users from legitimate domains to malicious addresses. Third parties, such as ISPs, also find it harder to track website visits when DoH is enabled.

<https://sempreupdate.com.br/cloudflare-oferece-suporte-a-um-novo-padrao-dns-para-a-privacidade-e-seguranca/>

 

Powstał nowy standard, dzięki któremu systemy DNS będą jeszcze bezpieczniejsze [A new standard has been created to make DNS even safer]

... It should be noted that the ODoH standard is still under development. However, Cloudflare has already begun working with the IETF, trying to persuade it to give preliminary acceptance to the new ODoH standard and, in time, to agree that it can be added to DNS systems.

<https://www.computerworld.pl/news/Powstal-nowy-standard-dzieki-ktoremu-systemy-DNS-beda-jeszcze-bezpieczniejsze,424305.html>

 

Cloudflare en SURF lanceren Oblivious DNS over HTTPS [Cloudflare and SURF are launching Oblivious DNS over HTTPS]

... For ODoH to work properly, the proxy server that forwards the DNS request to the DNS server must be operated by a party other than the DNS provider. To this end, Cloudflare is working with several proxy partners, namely PCCW, SURF and Equinix. ODoH can now be used with Cloudflare's own 1.1.1.1 DNS server. In addition, Cloudflare has submitted the ODoH specification to the IETF, in the hope of making it an Internet standard.

<https://www.security.nl/posting/680970/Cloudflare+en+SURF+lanceren+Oblivious+DNS+over+HTTPS>

 

Cloudflare с Apple разработали новый Интернет-протокол для защиты приватности [Cloudflare and Apple have developed a new Internet protocol to protect privacy]

... Several partner organisations, including PCCW, SURF and Equinix, have already launched proxy servers that allow early adopters to try ODoH using Cloudflare's 1.1.1.1 DNS resolver, but the general public will have to wait until ODoH support is ratified by the IETF for integration into browsers and operating systems.

<https://ko.com.ua/cloudflare_s_apple_razrabotali_novyj_internet-protokol_dlya_zashhity_privatnosti_135613>

 

Cloudflare, Apple и Fastly представили сохраняющий конфиденциальность вариант DNS over HTTPS [Cloudflare, Apple and Fastly introduced the confidential version of DNS over HTTPS]

... The IETF, the committee responsible for developing Internet protocols and architecture, has begun the process of standardising the ODoH specification, which is currently at the draft stage. Open implementations of the ODoH client and server components, as well as general-purpose libraries, have been prepared for deploying ODoH nodes.

<http://rosinvest.com/novosti/1425779>

 

Apple och CloudFlare föreslår ny DNS-standard [Apple and CloudFlare propose new DNS standard]

... It concerns a standard that would be based on the DNS protocol "Oblivious DNS over HTTPS" (ODoH). ODoH is developed by the IETF, the organisation that is also behind the two protocols DNS over HTTPS (DoH) and DNS over TLS (DoT), which are common today. However, there are weaknesses in these protocols that mean Internet service providers could monitor which web pages a user visits. CloudFlare therefore proposes that ODoH, which it has itself started using in its DNS service 1.1.1.1, should become a new DNS standard.

<https://feber.se/internet/apple-och-cloudflare-foreslar-ny-dns-standard/419104/>

 

Cloudflare & Apple σχεδιάζουν νέο πρωτόκολλο Internet με έμφαση στην ιδιωτικότητα των χρηστών [Cloudflare & Apple design new Internet protocol with focus on user privacy]

... Sullivan also says that some companies are already offering proxy servers to allow some users to use the new technology through Cloudflare's DNS servers (1.1.1.1). Nevertheless, we will need to wait, perhaps even years, until the new protocol is built into browsers and operating systems, depending on how long the necessary certifications from the IETF take.

<https://www.insomnia.gr/articles/internet/cloudflare-apple-σχεδιάζουν-νέο-πρωτόκολλο-internet-με-έμφαση-στην-ιδιωτικότητα-των-χρηστών-r178107/>

 

La silenziosa battaglia della Cina per cambiare le regole di internet [China's silent battle to change internet rules]

... This is also shown by China's move to knock on the door of the ITU rather than the body that has dealt with network innovations since 1986, the IETF, which is open to experts and technicians (and is among the three multilateral bodies that govern the network). As a source explains to Wired, since the latter organisation is close to the United States, Beijing hopes to find a more receptive audience at the United Nations agency. The ITU itself, for its part, claims the right to deal with these issues, given that this is a new network architecture and a long-term project.

<https://www.wired.it/internet/regole/2020/12/09/cina-internet-regole-new-ip-5g-stati-uniti/>

 

qu’est-ce que c’est, comment les changer et pourquoi le faire [what it is, how to change them and why to do it]

... The official documentation of the Internet Engineering Working Group, or IETF, defines in RTC 1034 that this element acts as a hierarchical and decentralised naming system, and is responsible for naming the various devices connected to an IP network, whether the Internet or a private network.

<https://www.marseillenews.net/news/technologie/quest-ce-que-cest-comment-les-changer-et-pourquoi-le-faire-69348.html>

 

Bezpieczny DNS - co to jest i do czego służy DNSSEC? [Secure DNS - what is it and what is DNSSEC used for?]

... To mitigate these significant flaws in the DNS system, an IETF working group developed the DNSSEC system in 2005:

<https://www.salon24.pl/u/cos-strasznego/1097219,bezpieczny-dns-co-to-jest-i-do-czego-sluzy-dnssec>

 

Mengenal Cyber Ethics, Etika dalam Menggunakan Internet [Knowing Cyber Ethics, Ethics in Using the Internet]

... In addition, there is the netiquette applied by the IETF. The IETF is a community made up of network designers, operators, vendors and researchers concerned with the evolution of the architecture and operation of the Internet on an international scale. The IETF sets out general rules, namely:

<https://yoursay.suara.com/news/2020/12/09/113932/mengenal-cyber-ethics-etika-dalam-menggunakan-internet?page=all>

 

開発研修をオンライン化するツール開発・解説WebAssembly・確定間近!QUIC(HTTP/3) [Tool development / commentary WebAssembly / decision to bring development training online! QUIC (HTTP / 3)]

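... 16:45-16:50 - [Commentary 3] QUIC: what you should know now: Speaker: Kazuhiko Yamamoto, Director, Technology Development Office, IIJ Innovation Institute: QUIC, a new transport protocol developed at Google, is undergoing standardisation work at the IETF, and an RFC looks likely to be published soon. Browsers and servers supporting IETF QUIC are also being actively implemented, and it is already available in Chrome. In this session, the positioning and current state of IETF QUIC

<https://iij.connpass.com/event/196667/>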

 

TTA, '스탠다드 TTA' 유튜브 채널 오픈…비대면 표준화 특강 [TTA opens 'Standard TTA' YouTube channel... Non-face-to-face standardization special lectures]

... The programme covers the following topics: a security framework for non-face-to-face healthcare (telemedicine), software quality measurement based on ISO/IEC 25023, de facto international standards and corporate standardisation strategy, Massively Parallel Computing standards, IETF I2NSF technology and open source, and international standards on distributed ledger technology (blockchain) and reference architecture.

<http://itnews.inews24.com/view/1326449>

<http://www.it-b.co.kr/news/articleView.html?idxno=46055>

 

**********************

SECURITY & PRIVACY

**********************

Microsoft introduces steps to improve internet routing security

The internet runs on the Border Gateway Protocol (BGP). A network or autonomous system (AS) is bound to trust, accept, and propagate the routes advertised by its peers without questioning its provenance. That is the strength of BGP and allows the internet to update quickly and heal failures. But it is also its weakness—the path to prefixes owned by a network can be changed by accident or malicious intent to redirect, intercept, or blackhole traffic. Last year alone, there were hundreds of routing outages or incidents, such as route hijacking and leaks. These incidents led to large-scale distributed denial of service (DDoS) attacks, stolen data, lost revenue, reputational damage, and more.

<https://azure.microsoft.com/en-us/blog/microsoft-introduces-steps-to-improve-internet-routing-security/>

 

Microsoft Details Plans to Improve Security of Internet Routing

Microsoft this week shared details on the steps it will take in an effort to ensure improved security for Internet routing.

<https://www.securityweek.com/microsoft-details-plans-improve-security-internet-routing>

 

A Balanced DNS Information Protection Strategy: Minimize at Root and TLD, Encrypt When Needed Elsewhere

Over the past several years, questions about how to protect information exchanged in the DNS have come to the forefront. One of these questions was posed first to DNS resolver operators in the middle of the last decade, and is now being brought to authoritative name server operators: “to encrypt or not to encrypt?” It’s a question that Verisign has been considering for some time as part of our commitment to security, stability and resiliency of our DNS operations and the surrounding DNS ecosystem.

<https://blog.verisign.com/security/a-balanced-dns-information-protection-strategy-minimize-at-root-and-tld-encrypt-when-needed-elsewhere/>

 

97% of All Global 2000 Companies at Risk from SAD DNS Attack

There is a new threat in town known as "SAD DNS" that allows attackers to redirect traffic, putting companies at risk of phishing, data breach, reputation damage, and revenue loss. What is SAD DNS? No, it isn't the DNS feeling moody, but an acronym for a new-found threat -- "Side-channel AttackeD DNS" discovered by researchers that could revive DNS cache poisoning attacks.

<https://www.cscdbs.com/blog/sad-dns-attack-risks/>

 

SAD DNS Explained

This week, at the ACM CCS 2020 conference, researchers from UC Riverside and Tsinghua University announced a new attack against the DNS called SAD DNS (Side channel AttackeD DNS). This attack leverages recent features of the networking stack in modern operating systems (like Linux) to allow attackers to revive a classic attack category: DNS cache poisoning. As part of a coordinated disclosure effort earlier this year, the researchers contacted Cloudflare and other major DNS providers and we are happy to announce that 1.1.1.1 Public Resolver is no longer vulnerable to this attack.

<https://blog.cloudflare.com/sad-dns-explained/>

 

eu: New Guidelines for Telecom and 5G Security

ENISA issues new guidelines to support Europe’s telecom security authorities in implementing the security requirements of the European Electronic Communications Code (EECC) and the EU 5G toolbox. The guidelines and associated 5G supplement underline the importance of a common approach to telecom security for the Digital Single Market.

<https://www.enisa.europa.eu/news/enisa-news/new-guidelines-for-telecom-and-5g-security>

 

Here’s how we can strengthen cybersecurity for ‘the New Normal’ by Malcolm Johnson, ITU Deputy Secretary-General

The pace at which the world is changing can be unsettling and casts uncertainty about the future. Cybersecurity concerns are reaching unprecedented levels, and no country and no industry is untouched. According to one estimate, cybercrime could cost the world more than US$10 trillion a year by 2025, which would represent the greatest transfer of economic wealth in history.

<https://news.itu.int/strengthen-cybersecurity-new-normal/>

 

Focus on National Cybersecurity Capabilities: New Self-Assessment Framework to Empower EU Member States

The EU Agency for Cybersecurity issues a National Capabilities Assessment Framework (NCAF) to help EU Member States self-measure the level of maturity of their national cybersecurity capabilities.

<https://www.enisa.europa.eu/news/enisa-news/national-cybersecurity-capabilities-framework>

 

Driving the Global Ecosystem of Incident Response Capabilities: New Studies Now Available

The European Union Agency for Cybersecurity releases two studies to develop and support incident response teams, during the 12th meeting of the CSIRTs Network.

<https://www.enisa.europa.eu/news/enisa-news/driving-the-global-ecosystem-of-incident-response-capabilities-new-studies-now-available>

 

**********************

INTERNET OF THINGS

**********************

ITU and UN-Habitat partner to accelerate digital transformation of cities and communities

Cities are home to 3.5 billion people, half of humanity, and this figure is projected to rise to 5 billion by 2030. Government, industry, academia and civil society are working together to accelerate the digital transformation of cities and communities to meet today’s challenges and challenges to come.

<https://www.itu.int/en/mediacentre/Pages/pr30-2020-UN-Habitat-partner-accelerate-digital-transformation-cities-communities.aspx>

 

us: Internet of Things law uses procurement process to boost cybersecurity

As cybersecurity threats increase and internet-connected devices proliferate, President Donald Trump has signed new legislation aimed at limiting the risks to government and incentivizing manufacturers to address security gaps.

<https://www.reuters.com/article/dataprivacy-internetofthings/internet-of-things-law-uses-procurement-process-to-boost-cybersecurity-idUSL1N2IO01I>

 

IoT standards: The US government must create them, and businesses will follow

Since the Internet of Things (IoT) became an enterprise focus, the task of standardizing IoT has been a major headache. IoT devices come with proprietary operating systems that their manufacturers create, not to mention security presets that may or may not conform to enterprise network requirements. Collectively, this makes IoT an integration challenge for most companies.

<https://www.techrepublic.com/article/iot-standards-the-us-government-must-create-them-and-businesses-will-follow/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Norman Abramson, Pioneer Behind Wireless Networks, Dies at 88

Norman Abramson, the leader of a group of scientists and engineers who pioneered the development of wireless computer networks, died on Dec. 1 at his home in San Francisco. He was 88.

<https://www.nytimes.com/2020/12/11/technology/norman-abramson-dead.html>

 

ITU Virtual Digital World 2020 SME Awards reveal most innovative tech solutions with positive social impact

The International Telecommunication Union (ITU) today recognized innovative tech solutions with the potential to change lives across the globe at the Virtual Digital World Awards ceremony, following an expert-led SME programme of masterclasses and online pitching. Awards were presented in four different categories:

<https://www.itu.int/en/mediacentre/Pages/pr29-2020-Virtual-Digital-World-SME-innovative-tech-solutions-social-impact.aspx>

 

Lessons learned from COVID-19: A call for closer collaboration by Malcolm Johnson, ITU Deputy Secretary-General

As the UN specialized agency for ICTs, ITU harmonizes the use of the radio-frequency spectrum and satellite orbits, develops international technical standards, and assists developing countries with infrastructure and policy development.

<https://news.itu.int/lessons-learned-covid-19-closer-collaboration-malcolm-johnson/>

 

The new internet era: more speed, more devices, but infrastructure lags behind

Although many complex tech solutions are leading the internet to a new era, the current network architecture is failing to progress at the same speed, raising the question of whether the fallback will force current developments to hit the brakes until it can catch up.

<https://www.rapidtvnews.com/2020120359509/the-new-internet-era-more-speed-more-devices-but-infrastructure-lags-behind.html>

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home