[Newsclips] IETF SYN-ACK Newspack 2023-04-03

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Minimized DNS Resolution: Into the Penumbra

... To help advance this area of technology, in 2015, Verisign announced a royalty-free license to its qname minimization patents in connection with certain IETF standardization efforts.

< <https://blog.verisign.com/security/minimized-dns-resolution/> https://blog.verisign.com/security/minimized-dns-resolution/>

< <https://circleid.com/posts/20230330-minimized-dns-resolution-into-the-penumbra> https://circleid.com/posts/20230330-minimized-dns-resolution-into-the-penumbra>

 

EU mandated messaging platform love-in is easier said than done: Cambridge boffins

By March 2024, instant messaging and real-time media apps operated by large tech platforms in Europe will be required to communicate with other services, per the EU's Digital Markets Act (DMA). ... Leading contenders for a common protocol include Matrix, Signal, and the IETF's MLS (Messaging Layer Security), the two computer scientists say. But variations in implementation – Signal, WhatsApp, Viber, Facebook Messenger, and others rely on different versions of the Signal protocol – make standardization difficult.

< <https://www.theregister.com/2023/03/29/eu_mandated_messaging_interop_paper/> https://www.theregister.com/2023/03/29/eu_mandated_messaging_interop_paper/>

< <https://www.msn.com/en-us/money/other/eu-mandated-messaging-platform-love-in-is-easier-said-than-done-cambridge-boffins/ar-AA19e4sx> https://www.msn.com/en-us/money/other/eu-mandated-messaging-platform-love-in-is-easier-said-than-done-cambridge-boffins/ar-AA19e4sx>

 

Putin and Xi’s plot to control the internet will leave the West in the dust

When President Xi whispered a few sweet nothings into Vladimir Putin’s ear last week, it was a private exchange that they wanted everyone to hear. ... There are two forums that decide the internet’s technical standards, and both have either been captured, or faced a constant battle against infiltration. One is the International Telecommunications Union, founded a month after Abraham Lincoln was assassinated. The other is an engineer-led forum called the ... IETF.

< <https://www.telegraph.co.uk/business/2023/03/27/britains-creaking-internet-framework-risks-left-behind-china/> https://www.telegraph.co.uk/business/2023/03/27/britains-creaking-internet-framework-risks-left-behind-china/>

< <https://www.msn.com/en-us/news/world/putin-and-xis-plot-to-control-the-internet-will-leave-the-west-in-the-dust/ar-AA197DNQ> https://www.msn.com/en-us/news/world/putin-and-xis-plot-to-control-the-internet-will-leave-the-west-in-the-dust/ar-AA197DNQ>

 

UK sets out the new Science and Technology Framework

... The focus of the framework on future telecommunications will be on the evolution of infrastructure for digitised data and communications. The framework states that some of the government's initial work in this area will be working with global standards development organisations (SDOs), including the United Nation's International Telecommunication Union, ISO/IEC (the International Organization for Standardization/the International Electrotechnical Commission), the ETSI and the IETF, to "ensure that the standards underpinning our critical technologies reflect our UK values". The inclusion of ETSI in this list is notable given the proliferation of global FRAND (fair, reasonable and non-discriminatory) licensing disputes in the English courts (and elsewhere) concerning patents declared essential to ESTI standards (SEPs).

< <https://www.osborneclarke.com/insights/uk-sets-out-new-science-and-technology-framework> https://www.osborneclarke.com/insights/uk-sets-out-new-science-and-technology-framework>

< <https://www.lexology.com/library/detail.aspx?g=963b1002-04d5-4a46-b1f1-aa8ff8e0f4ec> https://www.lexology.com/library/detail.aspx?g=963b1002-04d5-4a46-b1f1-aa8ff8e0f4ec>

 

RKVST takes part in Tokyo hackathon, showcases capabilities

RKVST has participated in the IETF 116 Hackathon that took place earlier this week in Japan.

< <https://channellife.co.nz/story/rkvst-takes-part-in-tokyo-hackathon-showcases-capabilities> https://channellife.co.nz/story/rkvst-takes-part-in-tokyo-hackathon-showcases-capabilities>

< <https://securitybrief.co.uk/story/rkvst-takes-part-in-tokyo-hackathon-showcases-capabilities> https://securitybrief.co.uk/story/rkvst-takes-part-in-tokyo-hackathon-showcases-capabilities>

 

RKVST showcases supply chain integrity, transparency and trust implementation at IETF 116 Hackathon [news release]

RKVST announces its participation in the upcoming IETF 116 Hackathon taking place March 25 and 26 in Yokohama, Japan. The hackathon will seek to exercise and inform the draft standards from the IETF Supply Chain Integrity, Transparency and Trust (SCITT) Working Group.

< <https://www.rkvst.com/press_releases/rkvst-showcases-supply-chain-integrity-transparency-and-trust-implementation-at-ietf-116-hackathon/> https://www.rkvst.com/press_releases/rkvst-showcases-supply-chain-integrity-transparency-and-trust-implementation-at-ietf-116-hackathon/>

 

GSMA Taskforce Urges Telcos to ‘Start Planning, Not Panicking’ for Post-Quantum Threats

... For post-quantum standards that are telco specific, the taskforce has issued liaison statements to multiple organizations, including the 3GPP, the ITU, the ETSI, and the IETF to align and orchestrate ongoing work in the area of quantum-safe technology, Thorpe noted.

< <https://www.sdxcentral.com/articles/news/gsma-taskforce-urges-telcos-to-start-planning-not-panicking-for-post-quantum-threats/2023/03/> https://www.sdxcentral.com/articles/news/gsma-taskforce-urges-telcos-to-start-planning-not-panicking-for-post-quantum-threats/2023/03/>

 

5G Advanced – Stakeholder Collaboration Essential To Maximise ROI For Operators

... The development of 5.5G and F5.5G will require a converged fixed/wireless IP network. Work on the definition of a new converged network – tentatively called Net5.5G – has already begun. Both the IETF and the IEEE are working on the first phase of Net5.5G standardization, but consensus is still needed on fixed/wireless bearer technologies such as 800GE backbone, 400GE MAN, etc. as well as on key aspects of other technologies such as WiFi-7, Segment Routing over IPv6 (SRv6), etc. before the new standard is released in 2024. With new capabilities, Net5.5G will enable operators maximise the potential of 5.5G and provide new opportunities for growth.

< <https://www.counterpointresearch.com/5-5g/> https://www.counterpointresearch.com/5-5g/>

 

Nokia enhances DOCOMO’s nationwide network with upgraded IP core and transport network slicing for 5G services [news release]

Nokia today announced it will enhance NTT DOCOMO, INC.’s (DOCOMO) nationwide IP core backbone and enable transport network slicing as it rolls out new 5G mobile services. The enhancement will allow granular SLAs, network scale, capacity and agility, along with increased power and resource efficiency. ... Nokia’s NSP complements DOCOMO’s segment routing solution with a Path Computation Engine (PCE) that leverages real-time telemetry to automatically optimize the IP network and improve SLA adherence. NSP will also enable DOCOMO to automate the creation, assurance, and optimization of IETF standards-based network slices in the transport domain.

< <https://www.nokia.com/about-us/news/releases/2023/03/28/nokia-enhances-docomos-nationwide-network-with-upgraded-ip-core-and-transport-network-slicing-for-5g-services/> https://www.nokia.com/about-us/news/releases/2023/03/28/nokia-enhances-docomos-nationwide-network-with-upgraded-ip-core-and-transport-network-slicing-for-5g-services/>

 

IETF approves publication of Messaging Layer Security standard [subscription]

< <https://www.telecompaper.com/news/ietf-approves-publication-of-messaging-layer-security-standard--1458412> https://www.telecompaper.com/news/ietf-approves-publication-of-messaging-layer-security-standard--1458412>

 

IETF akkoord met nieuwe Messaging Layer Security-standaard [IETF Agrees to New Messaging Layer Security Standard]

De IETF is akkoord met de publicatie van Messaging Layer Security (MLS), een nieuwe beveiligingsstandaard die het naar verwachting voor apps gemakkelijker maakt om hun gebruikers het hoogste beveiligingsniveau te bieden.

< <https://www.telecompaper.com/news/ietf-akkoord-met-nieuwe-messaging-layer-security-standaard--1458494> https://www.telecompaper.com/news/ietf-akkoord-met-nieuwe-messaging-layer-security-standaard--1458494>

 

IETF standardisiert Protokoll für sichere Gruppenchats [IETF standardizes protocol for secure group chats]

Die IETF hat auf ihrem aktuellen Treffen der Veröffentlichung des Standards für das Protokoll Messaging Layer Security (MLS) zugestimmt.

< <https://www.golem.de/news/messaging-layer-security-ietf-standardisiert-protokoll-fuer-sichere-gruppenchats-2303-173089.html> https://www.golem.de/news/messaging-layer-security-ietf-standardisiert-protokoll-fuer-sichere-gruppenchats-2303-173089.html>

 

Mehr Durchblick im Netzwerk mit OpenNMS Horizon und Flows [More visibility in the network with OpenNMS Horizon and Flows]

... Die Modellierung und die Standardisierungsprozesse der einzelnen Komponenten begannen 2001 mit der Gründung der Arbeitsgruppe IP Flow Information Export (IPFIX) innerhalb der IETF.

< <https://www.linux-magazin.de/ausgaben/2023/05/opennms/> https://www.linux-magazin.de/ausgaben/2023/05/opennms/>

 

Complotul lui Putin şi Xi de a controla Internetul lasă Occidentul în paragină [Putin and Xi's plot to control the Internet leaves the West in disrepair]

... Există două forumuri care decid standardele tehnice ale internetului, iar ambele au fost capturate sau se confruntă cu o luptă constantă împotriva infiltrării. Unul este Uniunea Internaţională a Telecomunicaţiilor (UIT), fondată la o lună după asasinarea lui Abraham Lincoln. Celălalt este un forum condus de ingineri, numit IETF.

< <https://epochtimes-romania.com/news/complotul-lui-putin-si-xi-de-a-controla-internetul-lasa-occidentul-in-paragina---341498> https://epochtimes-romania.com/news/complotul-lui-putin-si-xi-de-a-controla-internetul-lasa-occidentul-in-paragina---341498>

 

ARI, una extensión de Let’s Encrypt para coordinar renovaciones de certificados [ARI, an extension of Let's Encrypt to coordinate certificate renewals]

... La especificación ARI está pasando por un proceso de estandarización por parte del comité IETF, que desarrolla los protocolos y la arquitectura de Internet, y se encuentra en la etapa de revisión de una versión preliminar.

< <https://blog.desdelinux.net/ari-una-extension-de-lets-encrypt-para-coordinar-renovaciones-de-certificados/> https://blog.desdelinux.net/ari-una-extension-de-lets-encrypt-para-coordinar-renovaciones-de-certificados/>

 

ノキア、NTTドコモの全国ネットワークを強化 [Nokia strengthens NTT DoCoMo's nationwide network]

... ノキアのNSPは、リアルタイムのテレメトリを活用してIPネットワークを自動的に最適化し、SLAの遵守を向上させるパスコンピュテーションエンジン（PCE）により、ドコモのセグメントルーティングソリューションを補完する。また、NSPにより、ドコモはトランスポート領域におけるIETF標準ベースのネットワークスライスの作成、保証、最適化の自動化が可能になる。

< <https://businessnetwork.jp/article/13494/> https://businessnetwork.jp/article/13494/>

 

베트남, 2025년까지 IPv6 전면 서비스 목표…인터넷프로토콜 버전6 [Vietnam aims to fully service IPv6 by 2025... Internet Protocol Version 6]

... IPv6는 43억개로 제한돼있는 기존 IPv4기반 도메인의 고갈에 대응해 국제인터넷표준화기구(IETF)가 고안한 새로운 도메인 체계로, 128비트 기반의 주소 길이와 구성 등으로 사실상 무제한 사용이 가능한 것으로 평가된다.

< <http://www.insidevina.com/news/articleView.html?idxno=23355> http://www.insidevina.com/news/articleView.html?idxno=23355>

 

中国移动“算力路由”原创技术相关工作取得重大突破 [China Mobile has made a major breakthrough in the original technology of "computing power routing"]

近日，由中国移动主导推进的“算力路由”工作组在国际互联网标准化组织（IETF）成功获批成立。工作组将负责算力路由相关标准的立项和制定，中国移动就任工作组主席。这标志着中国移动算力网络“算网一体”原创技术体系取得里程碑式进展，算力和网络两大学科交叉融合形成广泛国际共识。

< <https://finance.sina.com.cn/tech/roll/2023-03-29/doc-imynptxa8283824.shtml> https://finance.sina.com.cn/tech/roll/2023-03-29/doc-imynptxa8283824.shtml>

 

我国推动6G关键技术研究，6G时代卫星通信不可或缺 [China promotes the research of 6G key technologies, and satellite communication in the 6G era is indispensable]

... 近日，由中国移动历时四年主导推进的“算力路由”工作组在国际互联网标准化组织(IETF)成功获批。IETF是国际互联网领域最权威的标准化组织，定义了IP/TCP等互联网基础协议标准。此次获批标志着中国移动算力网络“算网一体”原创技术体系取得里程碑式进展，算力和网络两大学科交叉融合形成广泛国际共识。“算力路由”工作组的获批，代表着我国算力网络技术方向在全球互联网最核心的标准组织得到认可，迈出了算力网络原创技术国际标准化的开创性一步。

< <http://sc.stock.cnfol.com/shichangceping/20230331/30126445.shtml> http://sc.stock.cnfol.com/shichangceping/20230331/30126445.shtml>

 

IETF стандартизирует протокол сквозного шифрования MLS [IETF standardizes MLS end-to-end encryption protocol]

Комитет IETF, занимающийся развитием протоколов и архитектуры интернета, утвердил публикацию стандарта MLS (Messaging Layer Security), определяющего протокол для организации сквозного шифрования в приложениях, выполняющих обмен сообщениями.

< <https://forpost-sevastopol.ru/newsfull/422840/ietf-standartiziruet-protokol-skvoznogo-shifrovaniya-mls.html> https://forpost-sevastopol.ru/newsfull/422840/ietf-standartiziruet-protokol-skvoznogo-shifrovaniya-mls.html>

 

**********************

SECURITY & PRIVACY

**********************

Strategising cybersecurity: Why a risk-based approach is key

By 2027, cybercrime could cost the global economy nearly $24 trillion. Businesses often find themselves at the sharp end of this challenge, and, as such, cybersecurity is a critical aspect of the modern business landscape. Cyber threats are multiplying and pose serious financial, legal and reputational challenges to organizations.

< <https://www.weforum.org/agenda/2023/04/strategizing-cybersecurity-why-a-risk-based-approach-is-key/> https://www.weforum.org/agenda/2023/04/strategizing-cybersecurity-why-a-risk-based-approach-is-key/>

 

Understanding Cyber Threats in Transport

The European Union Agency for Cybersecurity (ENISA) publishes its first cyber threat landscape report dedicated to the transport sector. This new report maps and analyses cyber incidents in relation to aviation, maritime, railway and road transport covering the period of January 2021 to October 2022.

< <https://www.enisa.europa.eu/news/understanding-cyber-threats-in-transport> https://www.enisa.europa.eu/news/understanding-cyber-threats-in-transport>

 

Scroll through EU Cybersecurity Certification

The new mini-site launched by the European Union Agency for Cybersecurity (ENISA) serves the objective to promote and disseminate information related to EU cybersecurity certification.

< <https://www.enisa.europa.eu/news/scroll-through-eu-cybersecurity-certification> https://www.enisa.europa.eu/news/scroll-through-eu-cybersecurity-certification>

 

eu: Every Cloud Cybersecurity Market has a Silver Lining

The European Union Agency for Cybersecurity (ENISA) publishes a cybersecurity market analysis of the cloud and an updated version of the cybersecurity market analysis framework.

< <https://www.enisa.europa.eu/news/every-cloud-cybersecurity-market-has-a-silver-lining> https://www.enisa.europa.eu/news/every-cloud-cybersecurity-market-has-a-silver-lining>

 

€1.3 billion from the Digital Europe Programme for Europe’s digital transition and cybersecurity

Today the Commission has adopted two multiannual work programmes for the Digital Europe Programme, outlining the objectives and specific topic areas that will receive close to €1.3 billion in funding.

< <https://digital-strategy.ec.europa.eu/en/news/eu13-billion-digital-europe-programme-europes-digital-transition-and-cybersecurity-0> https://digital-strategy.ec.europa.eu/en/news/eu13-billion-digital-europe-programme-europes-digital-transition-and-cybersecurity-0>

 

€1.3 billion from the Digital Europe Programme for Europe’s digital transition and cybersecurity

The European Commission has adopted the Digital Europe Programme Work Programme for 2023-2024. The Commission has adopted two multiannual work programmes for the Digital Europe Programme, outlining the objectives and specific topic areas that will receive a total of €1.284 billion in funding, out of which €553 million is available in 2023.

< <https://digital-strategy.ec.europa.eu/en/news/eu13-billion-digital-europe-programme-europes-digital-transition-and-cybersecurity> https://digital-strategy.ec.europa.eu/en/news/eu13-billion-digital-europe-programme-europes-digital-transition-and-cybersecurity>

 

Cybersecurity focus in second Digital Europe work programme

The European Commission has published the 2023-24 work programme for the Digital Europe funding programme, setting out key tech policy focus areas for the upcoming years, with a dedicated section for cybersecurity.

< <https://www.euractiv.com/section/cybersecurity/news/cybersecurity-focus-in-second-digital-europe-work-programme/> https://www.euractiv.com/section/cybersecurity/news/cybersecurity-focus-in-second-digital-europe-work-programme/>

 

MANRS Community Report 2022: Significant Milestones and Broadening Engagement

The MANRS project achieved several significant milestones in 2022. We grew from 750 total MANRS participants at the beginning of the year to 886 participants as of 31 December 2022. We saw the adoption of resource public key infrastructure (RPKI)—a key tool in stopping route leaks and hijacks—increase to 77% and ROV implementation to 10% amongst MANRS participants, while we observed an overall decline in routing incidents.

< <https://www.manrs.org/2023/03/manrs-community-report-2022-significant-milestones-and-broadening-engagement/> https://www.manrs.org/2023/03/manrs-community-report-2022-significant-milestones-and-broadening-engagement/>

 

Cybersecurity: Why cyber security is critical to a successful energy transition

This is the decade when the pace of the energy transition is set. A 1.5 degrees Celsius future can be achieved with the massive scale-up of existing technologies, such as carbon capture and storage, electrification, hydrogen, batteries and renewables.

< <https://worldoil.com/magazine/2023/march-2023/features/cybersecurity-why-cyber-security-is-critical-to-a-successful-energy-transition/> https://worldoil.com/magazine/2023/march-2023/features/cybersecurity-why-cyber-security-is-critical-to-a-successful-energy-transition/>

 

Retailers must invest in cybersecurity as hackers put them in hot seat

The frequency of cyberattacks has been increasing since 2020, with notable attacks on JD Sports and WHSmith reported in Q1 2023, as widespread remote working that began in response to Covid-19 enabled hackers to easily target employees accessing corporate networks through VPNs, according to GlobalData’s Cybersecurity in Retail and Apparel 2022 report. However, security breaches remain a significant threat even though companies have improved their cybersecurity in response to these threats through investment in zero-trust network access (ZTNA), which enables secure access to internal applications for remote workers.

< <https://www.retail-insight-network.com/comment/retailers-invest-cybersecurity-hackers/> https://www.retail-insight-network.com/comment/retailers-invest-cybersecurity-hackers/>

 

WiFi protocol flaw allows attackers to hijack network traffic

Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form.

< <https://www.bleepingcomputer.com/news/security/wifi-protocol-flaw-allows-attackers-to-hijack-network-traffic/> https://www.bleepingcomputer.com/news/security/wifi-protocol-flaw-allows-attackers-to-hijack-network-traffic/>

 

Wi-Fi protocol vulnerability allows traffic decryption

The ubiquitous 802.11 protocol has a vulnerability that allows an attacker to bypass encryption for some traffic.

< <https://www.itnews.com.au/news/wi-fi-protocol-vulnerability-allows-traffic-decryption-592609> https://www.itnews.com.au/news/wi-fi-protocol-vulnerability-allows-traffic-decryption-592609>

 

Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues Affecting Multiple Cisco Products

Summary: On March 27, 2023, the research paper Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues was made public. This paper discusses vulnerabilities in the 802.11 standard that could allow an attacker to spoof a targeted wireless client and redirect frames that are present in the transmit queues in an access point to an attacker-controlled device. This attack is seen as an opportunistic attack and the information gained by the attacker would be of minimal value in a securely configured network.

< <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-ffeb-22epcEWu> https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-ffeb-22epcEWu>

 

SAVNET WG Seeks to Improve Existing SAV Mechanisms in Intra-Domain and Inter-Domain Networks

Source address spoofing (IP spoofing) remains a significant challenge for network operators seeking to secure their networks against malicious actors who often use IP spoofing techniques in reflection amplification attacks, which are the major source of large-scale DoS attacks.

< <https://www.manrs.org/2023/03/savnet-wg-seeks-to-improve-existing-sav-mechanisms-in-intra-domain-and-inter-domain-networks/> https://www.manrs.org/2023/03/savnet-wg-seeks-to-improve-existing-sav-mechanisms-in-intra-domain-and-inter-domain-networks/>

 

Your Biggest Cybersecurity Threat Is Something You’ve Never Heard Of

When Chinese government-backed hackers accessed the Microsoft Exchange server in 2021, they didn’t break through tough firewalls to access the network. They came right in through an open door. Application programming interfaces, or APIs, are bits of code that allow different software applications to interface and “talk” with each other. Increasingly, hackers exploit vulnerabilities in these open portals to access sensitive data and wreak havoc.

< <https://www.forbes.com/sites/forbestechcouncil/2023/03/30/your-biggest-cybersecurity-threat-is-something-youve-never-heard-of/> https://www.forbes.com/sites/forbestechcouncil/2023/03/30/your-biggest-cybersecurity-threat-is-something-youve-never-heard-of/>

 

DNSSEC is the Key to a Healthy Future for the Internet

The future of internet connectivity could diverge into two very different outcomes—aggressive monopolization by a few providers or a more diverse landscape that fosters innovation.

< <https://securityboulevard.com/2023/03/dnssec-is-the-key-to-a-healthy-future-for-the-internet/> https://securityboulevard.com/2023/03/dnssec-is-the-key-to-a-healthy-future-for-the-internet/>

 

DDoS DNS attacks are old-school, unsophisticated … and they’re back

Ransomware may currently be the biggest bogeyman for cybersecurity pros, law enforcement, and governments, but it shouldn't divert us from more traditional, but still very disruptive threats.

< <https://www.theregister.com/2023/03/29/ddos_dns_attacks_are_oldschool/> https://www.theregister.com/2023/03/29/ddos_dns_attacks_are_oldschool/>

 

Mitigating DDoS using an anycast playbook

DDoS attacks continue to pose a significant challenge for online services today. In those attacks, offenders attempt to overwhelm a service by flooding it with traffic from multiple sources, making it inaccessible to legitimate clients.

< <https://blog.apnic.net/2023/03/28/mitigating-ddos-using-an-anycast-playbook/> https://blog.apnic.net/2023/03/28/mitigating-ddos-using-an-anycast-playbook/>

 

us: What Are the Consequences of Backdoors for Online Privacy?

Law enforcement agencies are concerned about Apple’s new end-to-end encryption protections for iCloud, arguing more warrant-proof encryption compromises their ability to protect the global public. When talking to The Washington Post, an FBI spokesperson even called for “lawful access by design” to effectively put a backdoor in otherwise secure products and services.

< <https://datainnovation.org/2023/04/what-are-the-consequences-of-backdoors-for-online-privacy/> https://datainnovation.org/2023/04/what-are-the-consequences-of-backdoors-for-online-privacy/>

 

Minimized DNS Resolution: Into the Penumbra

Over the past several years, domain name queries – a critical element of internet communication – have quietly become more secure, thanks, in large part, to a little-known set of technologies that are having a global impact. Verisign CTO Dr. Burt Kaliski covered these in a recent Internet Protocol Journal article, and I’m excited to share more about the role Verisign has performed in advancing this work and making one particular technology freely available worldwide.

< <https://blog.verisign.com/security/minimized-dns-resolution/> https://blog.verisign.com/security/minimized-dns-resolution/>

 

Processing Domain Data to Improve Business Continuity as a Domain Name Registry

In the fall of 2022, around 9,000 numeric domain names such as 0146.se, 0148.se, 0149.se, and so on were registered in the .SE zone. These domains were registered with two registrars, Register.eu and 1API. They had the same kind of SSL certificate, and there were other similarities among them that strongly suggested they were connected.

< <https://circleid.com/posts/20230330-processing-domain-data-to-improve-business-continuity-as-a-domain-name-registry> https://circleid.com/posts/20230330-processing-domain-data-to-improve-business-continuity-as-a-domain-name-registry>

 

nl: “Survey of DMARC mail security on Mastodon servers makes disappointing findings”

Numerous new Mastodon servers have recently sprung up. And, unfortunately, they're attracting the interest of scammers. A phishing mail campaign targeting users of the masto.ai server prompted network security specialist Sean Whalen to check whether the domain names of the top 1000 Mastodon servers had DMARC e-mail security protection.

< <https://www.sidn.nl/en/news-and-blogs/survey-of-dmarc-mail-security-on-mastodon-servers-makes-disappointing-findings> https://www.sidn.nl/en/news-and-blogs/survey-of-dmarc-mail-security-on-mastodon-servers-makes-disappointing-findings>

 

nl: Intercept and Inject: DNS Response Manipulation in the Wild

DNS is a protocol that translates human-readable domain names (e.g., example.com) into IP addresses (e.g., 93.184.216.34). Unfortunately, DNS is mostly deployed over UDP making it prone to various types of manipulation. In November 2021, users from Mexico could not access whatsapp.net and facebook.com - it turned out those queries were routed towards one of the local instances of the k-root and got intercepted by some middleboxes on the way. In this blog post, we analyze that event from RIPE Atlas point of view and, more broadly, evaluate the extent of DNS manipulation when sending queries to DNS root servers. We have recently presented our findings at the Passive and Active Measurement Conference (PAM-2023).

< <https://www.sidnlabs.nl/en/news-and-blogs/intercept-and-inject-dns-response-manipulation-in-the-wild> https://www.sidnlabs.nl/en/news-and-blogs/intercept-and-inject-dns-response-manipulation-in-the-wild>

 

Resilience of Dutch public services' DNS infrastructure assessed

Last week, the National Cyber Security Centre (NCSC) presented the findings of research into the resilience of the DNS infrastructure underpinning Dutch public services. Undertaken for the NCSC by SIDN Labs and the University of Twente, the research involved a metrics study to establish the extent to which DNS service best practices were followed with Dutch government domains.

< <https://www.sidnlabs.nl/en/news-and-blogs/resilience-of-dutch-public-services-dns-infrastructure-assessed> https://www.sidnlabs.nl/en/news-and-blogs/resilience-of-dutch-public-services-dns-infrastructure-assessed>

 

Secret trove offers rare look into Russian cyberwar ambitions

Russian intelligence agencies worked with a Moscow-based defense contractor to strengthen their ability to launch cyberattacks, sow disinformation and surveil sections of the internet, according to thousands of pages of confidential corporate documents. The documents detail a suite of computer programs and databases that would allow Russia’s intelligence agencies and hacking groups to better find vulnerabilities, coordinate attacks and control online activity. The documents suggest the firm was supporting operations including both social media disinformation and training to remotely disrupt real-world targets, such as sea, air and rail control systems.

< <https://www.washingtonpost.com/national-security/2023/03/30/russian-cyberwarfare-documents-vulkan-files/> https://www.washingtonpost.com/national-security/2023/03/30/russian-cyberwarfare-documents-vulkan-files/>

 

Cyberwarfare leaks show Russian army is adopting mindset of secret police

A consortium of media outlets have published a bombshell investigation about Russia’s cyber-capabilities, based on a rare leak of documents. The files come from NTC Vulkan, a cybersecurity firm in Moscow that doubles as a contractor to Russian military and intelligence agencies.

< <https://www.theguardian.com/technology/2023/mar/30/cyberwarfare-leaks-show-russian-army-is-adopting-mindset-of-secret-police> https://www.theguardian.com/technology/2023/mar/30/cyberwarfare-leaks-show-russian-army-is-adopting-mindset-of-secret-police>

 

A Look Inside Putin's Secret Plans for Cyber-Warfare

Elite hackers from Russia have their sights set on airports and power plants around the world, along with the internet. Confidential data from Moscow, obtained by DER SPIEGEL and its partners, now provide a look inside their arsenal of cyber-weapons and reveal their strategy.

< <https://www.spiegel.de/international/world/the-vulkan-files-a-look-inside-putin-s-secret-plans-for-cyber-warfare-a-4324e76f-cb20-4312-96c8-1101c5655236> https://www.spiegel.de/international/world/the-vulkan-files-a-look-inside-putin-s-secret-plans-for-cyber-warfare-a-4324e76f-cb20-4312-96c8-1101c5655236>

 

Enforcement of Cybersecurity Regulations: Part 2

Across many issues and sectors, one tool for enforcing government standards is to require periodic external audits of regulated entities. As a 2012 study for the Administrative Conference of the United States found, “[T]hird parties are charged with assessing the safety of imported food, children’s products, medical devices, cell phones and other telecommunications equipment, and electrical equipment used in workplaces” and with ensuring that “products labeled as organic, energy-efficient, and water-efficient meet applicable federal standards.” Third-party programs have been seen as desirable because they extend the reach of regulators whose resources are limited, shifting some regulatory costs to private parties and thereby conserving governmental resources.

< <https://www.lawfareblog.com/enforcement-cybersecurity-regulations-part-2> https://www.lawfareblog.com/enforcement-cybersecurity-regulations-part-2>

 

Cambridge Consultants’ John Taibi on Future-Proofing Government IT Systems Against Quantum Attacks

Government agencies should future-proof their information technology systems starting at the design stage to make them resilient against evolving threats from the exploitation of quantum computers, according to John Taibi, vice president of business development at Cambridge Consultants.

< <https://blog.executivebiz.com/2023/03/government-agencies-should-future-proof-it-systems-against-quantum-attacks/> https://blog.executivebiz.com/2023/03/government-agencies-should-future-proof-it-systems-against-quantum-attacks/>

 

**********************

INTERNET OF THINGS

**********************

How Starlink's Innovative Mesh Network Principles Can Revolutionize the Logistics Industry

Living in a remote area often means struggling to connect to the internet, with slow speeds, patchy coverage, and costly equipment hindering the online experience. This is the dilemma Starlink, Elon Musk's ambitious satellite internet project, is attempting to address.

< <https://www.supplychainbrain.com/blogs/1-think-tank/post/36810-how-starlinks-innovative-mesh-network-principles-can-revolutionize-the-logistics-industry> https://www.supplychainbrain.com/blogs/1-think-tank/post/36810-how-starlinks-innovative-mesh-network-principles-can-revolutionize-the-logistics-industry>

 

Making Internet of Things more secure

With wearable fitness trackers, car key fobs and smart home devices, the Internet of Things (IoT) has become ubiquitous in our lives. Unfortunately, much of this flow of information is vulnerable to malicious activity and attacks as securing the IoT has not kept pace with new technological advances.

< <https://source.wustl.edu/2023/03/making-internet-of-things-more-secure/> https://source.wustl.edu/2023/03/making-internet-of-things-more-secure/>

 

Decoding the Internet of Things

Anna Stewart meets David Nichols, who inadvertently created the world's first-ever IoT device: a humble vending machine that he and his fellow computer science students hooked up to the ethernet so they could monitor its supplies of coke.

< <https://edition.cnn.com/videos/business/2023/03/28/exp-decoded-show-05-internet-of-things-stewart-032512pseg1-cnni-business.cnn> https://edition.cnn.com/videos/business/2023/03/28/exp-decoded-show-05-internet-of-things-stewart-032512pseg1-cnni-business.cnn>

 

Inside the Internet of Things

CNN's Anna Stewart investigates the Internet of Things, and meets with an ethical hacker who warns that without regulation, our smart tech leaves us exposed.

< <https://edition.cnn.com/videos/tech/2023/03/29/exp-decoded-show-05-the-internet-of-things-032512pseg3.cnn> https://edition.cnn.com/videos/tech/2023/03/29/exp-decoded-show-05-the-internet-of-things-032512pseg3.cnn>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Huawei, Ericsson, and Nokia are the most active companies contributing to 5G 3GPP standardization (Analyst Angle)

Three big network vendors (Huawei, Ericsson, and Nokia) have been leading in both the number of contributions and approved contributions for 5G technologies to The 3rd Generation Partnership Project (3GPP).

< <https://www.rcrwireless.com/20230329/opinion/huawei-ericsson-and-nokia-are-the-most-active-companies-contributing-to-5g-3gpp-standardization-analyst-angle> https://www.rcrwireless.com/20230329/opinion/huawei-ericsson-and-nokia-are-the-most-active-companies-contributing-to-5g-3gpp-standardization-analyst-angle>

 

Ironically, the tech company that made the most contributions to 5G does not sell a 5G phone

Depending on your point of view, Huawei is either a company too close to the Chinese Communist Party (CCP) and there is a good reason why it is labeled a national security threat in the U.S., or the company is being unfairly picked on and should be allowed to compete freely in the marketplace. Regardless of your feelings about Huawei, there is no denying that when it comes to the number of 3GPP 5G tech contributions made worldwide, Huawei is the global leader. The 3GPP is the group that develops the standards and protocols for mobile telecommunications.

< <https://www.phonearena.com/news/huawei-makes-most-5g-contributions_id146633> https://www.phonearena.com/news/huawei-makes-most-5g-contributions_id146633>

 

Huawei is far ahead of the rest of the world in 5G network contribution

ABI Research recently compiled the number of 3GPP 5G tech contributions and the TOP20 list of approved contributions in a study on the analysis of the 5G network. In contrast to other brands like Ericsson, Nokia, Qualcomm, Samsung, Intel, and others, Huawei came out on top in the world. The Chinese company is first for both of the two key metrics of total tech contribution and approved contribution.

< <https://www.gizchina.com/2023/03/31/huawei-5g-network-contribution/> https://www.gizchina.com/2023/03/31/huawei-5g-network-contribution/>

 

One NZ teams with Musk's SpaceX for total coverage, 2degrees goes with Lynk

... James Alderdice, VP Asia-Pacific at Lynk, said the company was building, launching, and operating a constellation of LEO satellites which would act as "cell towers in space". “The beauty of this is its simplicity as Lynk works with all existing standard 3GPP mobile devices," he said.

< <https://www.reseller.co.nz/article/706497/one-nz-teams-musk-starlink-total-coverage-2degrees-lynk/> https://www.reseller.co.nz/article/706497/one-nz-teams-musk-starlink-total-coverage-2degrees-lynk/>

 

Disaster-prone cell tower network forces telcos to reach for the stars

... James Alderdice, the company's vice-president for Asia-Pacific at Lynk, says its 'Lynk the World' constellation provides connectivity directly to mobile phones without any modifications to either the mobile phone network or to customer devices. "The beauty of this is its simplicity as Lynk works with all existing standard 3GPP mobile devices," he says.

< <https://www.newsroom.co.nz/starlink-roll-out-responds-to-disaster-vulnerability-of-cell-network> https://www.newsroom.co.nz/starlink-roll-out-responds-to-disaster-vulnerability-of-cell-network>

< <https://www.msn.com/en-nz/news/other/disaster-prone-cell-tower-network-forces-telcos-to-reach-for-the-stars/ar-AA19osQN> https://www.msn.com/en-nz/news/other/disaster-prone-cell-tower-network-forces-telcos-to-reach-for-the-stars/ar-AA19osQN>

 

UDPベースで高速化した汎用プロトコル、最新HTTPに採用された「QUIC」とは [What is "QUIC" adopted in the latest HTTP, a general-purpose protocol that is UDP based on speedup?]

QUICとはUDPをベースとした汎用通信プロトコルである。IETFが2021年に「RFC 9000」として勧告し、新たなインターネット標準技術となった。2022年に「RFC 9114」にて勧告されたHTTP／3は、トランスポート層プロトコルとしてQUICを採用した。 

< <https://xtech.nikkei.com/atcl/nxt/keyword/18/00002/031300226/> https://xtech.nikkei.com/atcl/nxt/keyword/18/00002/031300226/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Why Governments’ Involvement in Standards Development is Crucial: Policymakers can boost innovation through standards

With the rapid rate of technological advancements and evolution, coupled with urgent global challenges, the world’s need for technical standards has never been greater. Technology standards establish specifications and procedures designed to maximize the reliability of materials, products, methods, and services. In short, standards help increase the reliability and effectiveness of many of the goods and services people interact with daily.

< <https://spectrum.ieee.org/government-in-standards-is-crucial> https://spectrum.ieee.org/government-in-standards-is-crucial>

 

ITU Secretary-General Doreen Bogdan-Martin receives IEEE President’s Award

​​​The world's largest technical professional organization, IEEE, presented ITU Secretary-General Doreen Bogdan-Martin with the 2023 IEEE President's Award in a ceremony today at ITU headquarters in Geneva.

< <https://www.itu.int/en/mediacentre/Pages/PR-2023-03-28-ITU-secretary-general-doreen-bogdan-martin-receives-IEEE-presidents-award.aspx> https://www.itu.int/en/mediacentre/Pages/PR-2023-03-28-ITU-secretary-general-doreen-bogdan-martin-receives-IEEE-presidents-award.aspx>

 

The Do-or-Die Moments That Determined the Fate of the Internet

New technologies often are introduced through spectacle: Think of the historic demonstrations carried out by Faraday, Edison, Morse, and Bell, or, more recently, by Steve Jobs onstage in his black turtleneck at Macworld 2007, holding the first iPhone. Indeed, hyped-up product announcements at industry events like the Consumer Electronics Show (now CES) and the Game Developers Conference have become regular features of the digital world.

< <https://spectrum.ieee.org/computer-networking> https://spectrum.ieee.org/computer-networking>

 

W3C invites implementations of Web Neural Network API

The Web Machine Learning Working Group invites implementations of the Web Neural Network API Candidate Recommendation Snapshot.

< <https://www.w3.org/blog/news/archives/9868> https://www.w3.org/blog/news/archives/9868>

 

Call for Review: WAI-ARIA 1.2 is a W3C Proposed Recommendation

The Accessible Rich Internet Applications Working Group has published a Proposed Recommendation of Accessible Rich Internet Applications (WAI-ARIA) 1.2. This specification provides an ontology of roles, states, and properties that define accessible user interface elements and can be used to improve the accessibility and interoperability of web content and applications.

< <https://www.w3.org/blog/news/archives/9864> https://www.w3.org/blog/news/archives/9864>

 

Turing Award Won by Co-Inventor of Ethernet Technology

In June 1972, Bob Metcalfe, a 26-year-old engineer fresh out of graduate school, joined a new research lab in Palo Alto, Calif., as it set out to build something that few people could even imagine: a personal computer.

< <https://www.nytimes.com/2023/03/22/technology/turing-award-bob-metcalfe-ethernet.html> https://www.nytimes.com/2023/03/22/technology/turing-award-bob-metcalfe-ethernet.html>

 

Bob Metcalfe, Ethernet Pioneer, Wins Turing Award

Bob Metcalfe has always been a believer in the power of networking. In the 1980s and 1990s he helped popularize the idea that a network’s value grows rapidly with the number of users, a precept now known as Metcalfe’s law. Today, with the internet ubiquitous, he thinks on a grander scale. “The most important new fact about the human condition is that we are now suddenly connected,” he said.

< <https://www.quantamagazine.org/bob-metcalfe-ethernet-pioneer-wins-turing-award-20230322/> https://www.quantamagazine.org/bob-metcalfe-ethernet-pioneer-wins-turing-award-20230322/>

 

ACM Turing Award Honors Bob Metcalfe For Ethernet

ACM, the Association for Computing Machinery, today named Bob Metcalfe as recipient of the 2022 ACM A.M. Turing Award for the invention, standardization, and commercialization of Ethernet.

< <https://amturing.acm.org/> https://amturing.acm.org/>

< <https://amturing.acm.org/award_winners/metcalfe_3968158.cfm> https://amturing.acm.org/award_winners/metcalfe_3968158.cfm>

 

William Wulf, computer pioneer who opened way for internet, dies at 83

At the National Science Foundation in 1988, a new assistant director, William Wulf, and a colleague swapped ideas about the future of a dial-up network that was barely known to the public and restricted mostly to academia and federal agencies. Imagine, the colleague said, if this system was open to everyone.

< <https://www.washingtonpost.com/obituaries/2023/03/28/william-wulf-internet-computers-dies/> https://www.washingtonpost.com/obituaries/2023/03/28/william-wulf-internet-computers-dies/>

 

Gordon E. Moore, Intel Co-Founder Behind Moore’s Law, Dies at 94

Gordon E. Moore, a co-founder and former chairman of Intel Corporation, the California semiconductor chip maker that helped give Silicon Valley its name, achieving the kind of industrial dominance once held by the giant American railroad or steel companies of another age, died on Friday at his home in Hawaii. He was 94.

< <https://www.nytimes.com/2023/03/24/technology/gordon-moore-dead.html> https://www.nytimes.com/2023/03/24/technology/gordon-moore-dead.html>

 

Intel co-founder Gordon Moore, prophet of the rise of the PC, dies at 94

Intel Corp co-founder Gordon Moore, a pioneer in the semiconductor industry whose "Moore's Law" predicted a steady rise in computing power for decades, died Friday at the age of 94, the company announced.

< <https://www.reuters.com/technology/intel-co-founder-gordon-moore-dies-94-2023-03-25/> https://www.reuters.com/technology/intel-co-founder-gordon-moore-dies-94-2023-03-25/>

 

Technology and industry convergence: A historic opportunity

Purposeful sustainability, insightful AI, and a meaningful metaverse can be had by merging industries and innovations, says MIT professor and CSAIL director Daniela Rus and Accenture’s Kathleen O’Reilly.

< <https://www.technologyreview.com/2023/03/28/1069668/technology-and-industry-convergence-a-historic-opportunity/> https://www.technologyreview.com/2023/03/28/1069668/technology-and-industry-convergence-a-historic-opportunity/>

 

Broadband Forum recognizes the leaders and key contributors driving pivotal work in the industry [news release]

Broadband Forum’s Q1 meeting has taken place this week in Dallas, Texas, and has recognized individuals across the industry who have gone above and beyond to help drive future broadband standards development.

< <https://connect-world.com/broadband-forum-recognizes-the-leaders-and-key-contributors-driving-pivotal-work-in-the-industry/> https://connect-world.com/broadband-forum-recognizes-the-leaders-and-key-contributors-driving-pivotal-work-in-the-industry/>

 

5th Generation Mobile Network Infrastructure: Promises and Pitfalls

Introduction: Little did Nikola Tesla realize in 1926 that nearly 100 years later the interconnected nature of robust telecommunications and information technology sectors would already closely resemble his prediction. As society becomes more interconnected, the public and private sectors must work together to tap the benefits promised while defending against pitfalls. The evolution of mobile communication networks plays a central role in this balancing act. Implementation of the fifth generation (5G) mobile network infrastructure increases data rates, allows for near real-time interactivity, and builds network capacity. While these developments improve the user experience, they also create opportunities that malicious actors will inevitably seek to exploit. To anticipate and mitigate 5G exploitation efforts, this paper highlights the physical and software-related vulnerabilities of 5G infrastructure.

< <https://www.hstoday.us/subject-matter-areas/cybersecurity/5th-generation-mobile-network-infrastructure-promises-and-pitfalls/> https://www.hstoday.us/subject-matter-areas/cybersecurity/5th-generation-mobile-network-infrastructure-promises-and-pitfalls/>

 

Bitcoin and IPv6

In the recently released Part 1 of The Bitcoin Masterclasses by Craig Wright, he discusses the possibilities of Bitcoin IPv6 and the potential revolutionary applications that can be built upon it. While the video is worth watching for many insights within, there are a couple of big points I believe are worth writing about.

< <https://coingeek.com/bitcoin-and-ipv6/> https://coingeek.com/bitcoin-and-ipv6/>

 

ARIN Bits: March 2023

We may just be entering the spring season officially, but at ARIN we’ve been moving with a spring in our step since the very beginning of 2023. The first three months of the year have been a whirlwind of updates, deployments, travel, and more as we continue working to enhance our services and fulfill ARIN’s mission. In this edition of Bits we share important updates from this past quarter and details about upcoming events, including: ARIN 51 and its Fellowship Program, a new NRPM and PDP, changes to our RPKI and IRR tools, security compliance achievements, upcoming industry events, and much more. Read on to learn about all the exciting things blossoming at ARIN and in our community.

< <https://www.arin.net/blog/2023/03/28/arin-bits-march-2023/> https://www.arin.net/blog/2023/03/28/arin-bits-march-2023/>

 

Everything, everywhere, all the time (for the Internet at least)

Dave Taht wrote a blog post titled ‘My 2023 Predictions‘. It’s a thought-provoking piece about what might be around the corner and is definitely worth reading, My expectation is that Internet operations in 2023 will see more of the same:

< <https://blog.apnic.net/2023/03/31/everything-everywhere-all-the-time/> https://blog.apnic.net/2023/03/31/everything-everywhere-all-the-time/>

 

[Podcast] Traceroute, but in ‘the other direction’

In this episode of PING, Dr Rolf Winter, the Professor of Data Communications at Augsburg University of Applied Sciences discusses his work on ‘reverse traceroute’, which is an approach to using the well-known traceroute mechanism but driven from the other end.

< <https://blog.apnic.net/2023/03/30/podcast-traceroute-but-in-the-other-direction/> https://blog.apnic.net/2023/03/30/podcast-traceroute-but-in-the-other-direction/>

 

The APNIC Hackathon is back!

... As with the previous three hackathons, the projects developed revolve around a central theme. The theme for this year was ‘IPv6 Diagnostics Framework‘. Delegates were tasked to develop a framework for IPv6 diagnostics to help organizations identify and resolve deployment-related IPv6 issues, as well as improve the performance and security of IPv6 networks.

< <https://blog.apnic.net/2023/03/29/the-apnic-hackathon-is-back/> https://blog.apnic.net/2023/03/29/the-apnic-hackathon-is-back/>

 

Việt Nam targets 100 per cent usage of IPv6 service by 2025

The first phase of IPv6 for Gov, conducted between 2021 and 2022, primarily focused on state agencies. Half of all ministries, agencies, and localities were targeted to adopt IPv6 transitional plans and successfully shift towards IPv6 for their portals. It is expected that all of them will roll out their plans during the second phase between 2022 and 2025.

< <https://vietnamnews.vn/economy/1503380/viet-nam-targets-100-per-cent-usage-of-ipv6-service-by-2025.html> https://vietnamnews.vn/economy/1503380/viet-nam-targets-100-per-cent-usage-of-ipv6-service-by-2025.html>

 

Việt Nam targets 100 per cent usage of IPv6 service by 2025 [news release]

The Vietnam Internet Network Information Centre (VNNIC) hosted a conference on Tuesday to evaluate the initial phase of the transition to Internet Protocol version 6 for State agencies (IPv6 for Gov) and to plan for the programme's second phase.

< <https://www.einnews.com/pr_news/624907042/vi-t-nam-targets-100-per-cent-usage-of-ipv6-service-by-2025> https://www.einnews.com/pr_news/624907042/vi-t-nam-targets-100-per-cent-usage-of-ipv6-service-by-2025>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home