[Newsclips] IETF SYN-ACK Newspack 2020-11-09

David Goldstein <david@goldsteinreport.com> Mon, 09 November 2020 12:11 UTC

Return-Path: <david@goldsteinreport.com>
X-Original-To: newsclips@ietfa.amsl.com
Delivered-To: newsclips@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 969463A107C for <newsclips@ietfa.amsl.com>; Mon, 9 Nov 2020 04:11:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cBkwi-5jCho5 for <newsclips@ietfa.amsl.com>; Mon, 9 Nov 2020 04:11:12 -0800 (PST)
Received: from karkinos.atomiclayer.com (karkinos.atomiclayer.com [96.125.178.142]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3DC033A1088 for <newsclips@ietf.org>; Mon, 9 Nov 2020 04:11:09 -0800 (PST)
Received: from DGSurfaceBook (unknown [101.184.63.251]) by karkinos.atomiclayer.com (Postfix) with ESMTPSA id 3549D2808A2 for <newsclips@ietf.org>; Mon, 9 Nov 2020 07:11:04 -0500 (EST)
Authentication-Results: karkinos.atomiclayer.com; spf=pass (sender IP is 101.184.63.251) smtp.mailfrom=david@goldsteinreport.com smtp.helo=DGSurfaceBook
Received-SPF: pass (karkinos.atomiclayer.com: connection is authenticated)
From: "David Goldstein" <david@goldsteinreport.com>
To: <newsclips@ietf.org>
Date: Mon, 9 Nov 2020 23:11:03 +1100
Message-ID: <01f201d6b691$670cbed0$35263c70$@goldsteinreport.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_01F3_01D6B6ED.9A7E2130"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: Ada2kWRzSewPTpHWT/6yFioI5CwIBg==
Content-Language: en-au
X-PPP-Message-ID: <20201109121106.688404.80764@karkinos.atomiclayer.com>
X-PPP-Vhost: goldsteinreport.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/newsclips/r4xod3VnyEqVakoQlxqbAAn5Glk>
Subject: [Newsclips] IETF SYN-ACK Newspack 2020-11-09
X-BeenThere: newsclips@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF News Clips <newsclips.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/newsclips>, <mailto:newsclips-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/newsclips/>
List-Post: <mailto:newsclips@ietf.org>
List-Help: <mailto:newsclips-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/newsclips>, <mailto:newsclips-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Nov 2020 12:11:25 -0000

The IETF SYNACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Internet Engineering Task Force recognizes Endress+Hauser security protocol for field instruments

The cryptography working group within the Internet Engineering Task Force (IETF) standards organization has chosen the Endress+Hauser-developed CPace protocol as a recommended method for use in internet standards.

< <https://www.foodengineeringmag.com/articles/99187-internet-engineering-task-force-recognizes-security-protocol-for-field-instruments-developed-by-endresshauser> https://www.foodengineeringmag.com/articles/99187-internet-engineering-task-force-recognizes-security-protocol-for-field-instruments-developed-by-endresshauser>

 

Endress+Hauser establishes internet security standards: IETF recommends the SmartBlue CPace protocol for password-protected access to instruments

The cryptography working group within the IETF standards organization (Internet Engineering Task Force) has chosen the Endress+Hauser-developed CPace protocol as a recommended method for use in internet standards. After undergoing extensive security analyses, the CPace protocol emerged as the winner in a competition among submissions from developers at several well-known companies.

< <https://www.engineeringnews.co.za/article/endresshauser-establishes-internet-security-standards-2020-11-03/rep_id:4136> https://www.engineeringnews.co.za/article/endresshauser-establishes-internet-security-standards-2020-11-03/rep_id:4136>

 

Nominations Now Open for 2021 Internet Society Board of Trustees Elections by George Sadowsky

The Internet Society Nominations Committee is now inviting nominations for candidates to serve on the Board of Trustees, effective at the start of the Annual General Meeting which is currently scheduled to be held 31 July-1 August 2021. In 2020-2021, Organization Members and the IETF will each select two Trustees, and Chapters will select one Trustee.

< <https://www.internetsociety.org/blog/2020/11/nominations-now-open-for-2021-internet-society-board-of-trustees-elections/> https://www.internetsociety.org/blog/2020/11/nominations-now-open-for-2021-internet-society-board-of-trustees-elections/>

 

NMEA releases latest protocol, OneNet Standard

... OneNet provides a common network infrastructure for marine electronic devices and/or services on IPv6. All OneNet application protocols, such as NMEA 2000 PGN messages, are designed to use a standard IPv6 network protocol stack. The NMEA OneNet Committee utilized many existing standards, including RFCs (Requests for Comments) published by the Internet Engineering Task Force (IETF). This will significantly reduce implementation cost and ensure compatibility with existing TCP/IP networks around the world.

< <https://boatingindustry.com/news/2020/11/05/nmea-releases-latest-protocol-onenet-standard/> https://boatingindustry.com/news/2020/11/05/nmea-releases-latest-protocol-onenet-standard/>

 

Exploding the myth of Huawei’s 5G security risk

... In March 2019, Huawei opened the Brussels Huawei Cyber Security Transparency Centre specifically to communicate with key stakeholders on cybersecurity practices, explore and promote the development of security standards and collaborate with industry organizations (GSMA, C4C WEF), standard organizations (3GPP, IETF, ITU-T) and EU cybersecurity verification organizations (ENISA, BEREC).

< <https://asiatimes.com/2020/11/exploding-the-myth-of-huaweis-5g-security-risk/> https://asiatimes.com/2020/11/exploding-the-myth-of-huaweis-5g-security-risk/>

 

Load Sharing using BGP over IPSec or FastConnect using multiple Providers or FC Partners

During past weeks I have received many questions regarding if load sharing can be performed when using BGP over IPSec when more than one Service Provider is used or when we have in place two FastConnect Virtual Circuits through two different FC Partners. In this blog post, we will analyze the possibility to have the load sharing in place in the absence of BGP ECMP. As you know, Oracle is in the process of introducing the BGP ECMP feature. Until then, let's explore how we can achieve the load sharing only by manipulating the BGP attributes.

< <https://www.ateam-oracle.com/load-sharing-using-bgp-over-ipsec-or-fastconnect-using-multiple-providers-or-fc-partners> https://www.ateam-oracle.com/load-sharing-using-bgp-over-ipsec-or-fastconnect-using-multiple-providers-or-fc-partners>

 

Neuer Standard für Internet-Sicherheit [New standard for Internet security]

Die Kryptographie-Arbeitsgruppe der Internet Standardisierungs-Organisation IETF (Internet Engineering Task Force) hat das von Endress+Hauser entwickelte CPace-Protokoll als empfohlenes Verfahren ausgewählt.

< <https://www.industrielle-automation.net/neuer-standard-fuer-internet-sicherheit/> https://www.industrielle-automation.net/neuer-standard-fuer-internet-sicherheit/>

 

Wie die EU die sozialen Netzwerke aufbrechen kann [How the EU can break up social networks]

... Brown beschreibt in einem neuen Forschungspapier die mögliche Wirkungsweise von Interoperabilität als Werkzeug für die EU-Wettbewerbsbehörden. Ein Folgewerk beschreibt, welche Arten von Protokollen zum Einsatz kommen könnten und über welches internationale Gremium – etwa die internationalen Institutionen W3C und IETF – neue Standards verankert werden können.

< <https://netzpolitik.org/2020/interoperabilitaet-wie-die-eu-die-sozialen-netzwerke-aufbrechen-kann/> https://netzpolitik.org/2020/interoperabilitaet-wie-die-eu-die-sozialen-netzwerke-aufbrechen-kann/>

 

吴建平:IPv6是未来互联网的主要创新平台 [Wu Jianping: IPv6 is the main innovation platform of the Internet in the future]

... 推动互联网技术发展的国际组织是IETF(The Internet Engineering Task Force)。该机构最高领导层为IAB(Internet Architecture Board)即互联网体系结构工作组,其使命是保证互联网平稳的发展。

< <https://www.edu.cn/xxh/zhuan_jia_zhuan_lan/wu_jian_ping/guan_dian/202011/t20201103_2029663.shtml> https://www.edu.cn/xxh/zhuan_jia_zhuan_lan/wu_jian_ping/guan_dian/202011/t20201103_2029663.shtml>

 

暗網潛航——DDoS(三):魑魅魍魎(一) [Dark Web Submarine-DDoS (3): Ghosts and Ghosts (1)]

要具體實現一次成功的DDoS攻擊,消耗對方頻寬及網絡資源,直至系統崩潰失效,當中要用到哪些攻擊方法及技巧?其實可以有超過30種以上的入侵方法!讓我向大家慢慢介紹這種易學難精的攻擊手段。網絡上所有通訊都是倚靠不同「網絡協議」及「網絡封包」完成資料及訊息傳遞。這些協議和封包,都是先由「網際網絡工程任務組」(IETF)發佈RFC文檔,收集意見後,再由「網際網絡協會」(ISOC)發行制定。

< <https://hd.stheadline.com/news/columns/1118/20201102/892992/專欄-暗網潛航-DDoS-三-魑魅魍魎-一> https://hd.stheadline.com/news/columns/1118/20201102/892992/專欄-暗網潛航-DDoS-三-魑魅魍魎-一>

 

엔드레스하우저 개발 보안 솔루션 ‘CPace’, IETF 권장 인터넷 보안 표준 선정 ['CPace' develops security solutions for Endresshauser, selected as IETF recommended Internet security standard]

글로벌 산업자동화 계기·솔루션 전문 기업 엔드레스하우저가 개발한 보안 솔루션 ‘CPace’가 IETF 권장 인터넷 보안 표준으로 선정됐다.

< <http://www.hellot.net/new_hellot/magazine/magazine_read.html?code=201&sub=004&idx=54855> http://www.hellot.net/new_hellot/magazine/magazine_read.html?code=201&sub=004&idx=54855>

< <http://www.kidd.co.kr/news/219201> http://www.kidd.co.kr/news/219201>

 

'찰나'에 가까운 네트워크 만든다 [Create a network close to'the moment']

네트워크 기술이 발전할수록 빠른 속도 못지않게 낮은 지연(레이턴시)이 중요하다. 원격진료, 자율주행차, 드론 등 산업 분야는 물론 가상현실(VR), 증강현실(AR) 등 초실감 서비스를 위해선 전달 지연을 최소화하는 기술이 필수적이다. 한국전자통신연구원(ETRI)은 전달 지연을 100만분의 4초(4㎲) 이하로 줄이는 기술을 개발했다. 최근 한국정보화진흥원과 SK텔레콤, 우리넷, 코위버와 함께 대전~서울 왕복 430㎞ 구간에서 세계 최초로 초저지연 전송기술을 시연했다. 국제인터넷표준화기구(IETF)에서 마련하고 있는 표준화 기술을 기반으로 했다.

< <https://www.hankyung.com/it/article/2020110982311> https://www.hankyung.com/it/article/2020110982311>

 

세종대학교 정보보호학과 이종혁 교수, 인터넷 표준화 기구 표준 문서 채택 [Professor Lee Jong-hyuk, Department of Information Protection at Sejong University, adopted standard documents from the Internet Standardization Organisation]

​​​​​​​[한국강사신문 한상형 기자] 세종대학교(총장 배덕효)는 정보보호학과 이종혁 교수(사진)가 연구한 ‘분산된 이동성 관리에 대한 인터넷 표준 문서(Request for Comments, RFC) 8818’이 인터넷 표준화 기구(Internet Engineering Task Force, IETF)에서 표준 문서로 제정됐다고 지난 30일 밝혔다. 

< <https://www.lecturernews.com/news/articleView.html?idxno=54959> https://www.lecturernews.com/news/articleView.html?idxno=54959>

 

**********************

SECURITY & PRIVACY

**********************

Why Paying to Delete Stolen Data is Bonkers

Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted. Leaving aside the notion that victims might have any real expectation the attackers will actually destroy the stolen data, new research suggests a fair number of victims who do pay up may see some or all of the stolen data published anyway.

< <https://krebsonsecurity.com/2020/11/why-paying-to-delete-stolen-data-is-bonkers/> https://krebsonsecurity.com/2020/11/why-paying-to-delete-stolen-data-is-bonkers/>

 

October 2020’s Most Wanted Malware: Trickbot and Emotet Trojans Are Driving Spike in Ransomware Attacks

Our latest Global Threat Index for October 2020 has revealed the Trickbot and Emotet trojans continue to rank as the top two most prevalent malware in October, and that the trojans have been responsible for the sharp increase in ransomware attacks against hospitals and healthcare providers globally.

< <https://blog.checkpoint.com/2020/11/06/october-2020s-most-wanted-malware-trickbot-and-emotet-trojans-are-driving-spike-in-ransomware-attacks/> https://blog.checkpoint.com/2020/11/06/october-2020s-most-wanted-malware-trickbot-and-emotet-trojans-are-driving-spike-in-ransomware-attacks/>

 

us: CISA Releases Analysis Report on COVID-19 Impact to ICT Global Supply Chains

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force released an analysis report on the impact of COVID-19 on global supply chains. Building A More Resilient ICT Supply Chain: Lessons Learned During The COVID-19 Pandemic examines how ICT supply chains have been logistically impacted by the pandemic and provides practical recommendations to increase supply chain resiliency from future risks.

< <https://www.cisa.gov/news/2020/11/06/cisa-releases-analysis-report-covid-19-impact-ict-global-supply-chains> https://www.cisa.gov/news/2020/11/06/cisa-releases-analysis-report-covid-19-impact-ict-global-supply-chains>

 

fr: Developments of the DNS and its protocols: Afnic publishes a set of tech resources on DoT and DoH

As a follow-up to the webinar entitled “How to create and test your DNS-over-TLS and DNS-over-HTTPS (DoT/DoH) resolver”, Afnic publishes the resources presented on this occasion.

< <https://www.afnic.fr/en/about-afnic/news/general-news/12370/show/developments-of-the-dns-and-its-protocols-afnic-publishes-a-set-of-tech-resources-on-dot-and-doh.html> https://www.afnic.fr/en/about-afnic/news/general-news/12370/show/developments-of-the-dns-and-its-protocols-afnic-publishes-a-set-of-tech-resources-on-dot-and-doh.html>

< <https://www.afnic.fr/fr/l-afnic-en-bref/actualites/actualites-generales/12358/show/evolutions-du-dns-et-ses-protocoles-l-afnic-publie-un-ensemble-de-ressources-sur-dot-et-doh.html> https://www.afnic.fr/fr/l-afnic-en-bref/actualites/actualites-generales/12358/show/evolutions-du-dns-et-ses-protocoles-l-afnic-publie-un-ensemble-de-ressources-sur-dot-et-doh.html> [French version]

 

Robocopy ridurrà la banda di rete necessaria per il trasferimento dei dati in rete locale [Robocopy will reduce the network bandwidth required to transfer data over the local network]

Microsoft annuncia un'importante modifica sull'utilità Robocopy: il trasferimento dei dati all'interno della LAN sarà più veloce ed efficace. Annunciato anche il supporto del protocollo QUIC da parte di SMB.

< <https://www.ilsoftware.it/articoli.asp?tag=Robocopy-ridurra-la-banda-di-rete-necessaria-per-il-trasferimento-dei-dati-in-rete-locale_22077> https://www.ilsoftware.it/articoli.asp?tag=Robocopy-ridurra-la-banda-di-rete-necessaria-per-il-trasferimento-dei-dati-in-rete-locale_22077>

 

Microsoft presenteert nieuwe functionaliteit voor Windows Server [Microsoft presents new functionality for Windows Server]

... Verder toonde Microsoft nog Server Message Block (SMB) over Quick UDP Internet Connections. (QUIC). QUIC is een protocol van Google en prestatieproblemen aanpakt wanneer het TCP-protocol datapakketjes laat vallen. Hierdoor wordt het verkeer bij het verplaatsen van data beperkt. Vooral kunnen hierdoor webpagina’s sneller laden, maar voor het sneller verplaatsen van TCP naar de cloud werkt dit nog niet.

< <https://www.techzine.nl/nieuws/infrastructure/448764/microsoft-presenteert-nieuwe-functionaliteit-voor-windows-server/> https://www.techzine.nl/nieuws/infrastructure/448764/microsoft-presenteert-nieuwe-functionaliteit-voor-windows-server/>

 

**********************

INTERNET OF THINGS

**********************

Vint Cerf - The Future of the Internet of Things: Desirable properties of an IoT ecosystem

Vint Cerf is widely known as a “Father of the Internet” and is the highly celebrated co-designer of TCP/IP protocols and Internet architectures. In his lecture, “The Future of the Internet of Things: Desirable properties of an IoT ecosystem”, Cerf discussed the benefits and the potential pitfalls of a massively automated world.

< <https://www.youtube.com/watch?v=d6uqO96Mw0E> https://www.youtube.com/watch?v=d6uqO96Mw0E>

< <https://www.bell-labs.com/watch/future-human-podcast-media/ep-13-future-internet-things-vint-cerfs-shannon-luminary-lecture/> https://www.bell-labs.com/watch/future-human-podcast-media/ep-13-future-internet-things-vint-cerfs-shannon-luminary-lecture/>

< <https://www.bell-labs.com/watch/shannon-luminary-lectures-media/vint-cerf-future-internet-things-desirable-properties-iot-ecosystem/> https://www.bell-labs.com/watch/shannon-luminary-lectures-media/vint-cerf-future-internet-things-desirable-properties-iot-ecosystem/>

 

How Australia can reap the benefits and dodge the dangers of the Internet of Things

The Internet of Things (IoT) is already all around us. Online devices have become essential in industries from manufacturing and healthcare to agriculture and environmental management, not to mention our own homes. Digital consulting firm Ovum estimates that by 2022 Australian homes will host more than 47 million IoT devices, and the value of the global market will exceed US$1 trillion.

< <https://theconversation.com/how-australia-can-reap-the-benefits-and-dodge-the-dangers-of-the-internet-of-things-149428> https://theconversation.com/how-australia-can-reap-the-benefits-and-dodge-the-dangers-of-the-internet-of-things-149428>

< <https://newsroom.unsw.edu.au/news/science-tech/how-australia-can-reap-benefits-and-dodge-dangers-internet-things> https://newsroom.unsw.edu.au/news/science-tech/how-australia-can-reap-benefits-and-dodge-dangers-internet-things>

 

**********************

OTHERWISE NOTEWORTHY

**********************

us: How the Election Impacts the Internet

To many Americans, the most important outcome of the 2020 elections is who becomes President of the United States, followed by which party controls Congress. But a much smaller number care deeply about the impact of these results on the federal bureaucracy, which is responsible for carrying out the will of Congress by making and enforcing regulations.

< <https://www.cagw.org/thewastewatcher/how-election-impacts-internet> https://www.cagw.org/thewastewatcher/how-election-impacts-internet>

 

Book Review: The Internet in Everything: Freedom and Security in a World with No Off Switch by Laura DeNardis

In The Internet in Everything: Freedom and Security in a World with No Off Switch, Laura DeNardis offers an exploration of the invisible, complex and concerning worldwide network of technologies often referred to as the Internet of Things, focusing particularly on the pressing issues of governance and jurisdiction. Courteney J. O’Connor highly recommends this well researched and impeccably written text to political scientists, security practitioners and scholars as well as the interested public.

< <https://blogs.lse.ac.uk/usappblog/2020/11/08/book-review-the-internet-in-everything-freedom-and-security-in-a-world-with-no-off-switch-by-laura-denardis/> https://blogs.lse.ac.uk/usappblog/2020/11/08/book-review-the-internet-in-everything-freedom-and-security-in-a-world-with-no-off-switch-by-laura-denardis/>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home