[Newsclips] IETF SYN-ACK Newspack 2023-01-09

[David Goldstein <david@goldsteinreport.com>]

Hi IETF Participants!

 

The SYN-ACK Newspack is back for 2023 with all the news of the last 3 weeks. And just the usual reminder, the IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

Happy reading and I look forward to providing the weekly news summary throughout the year.

David

 

**********************

IETF IN THE NEWS

**********************

The Next Frontier in Priority Services Capabilities: Multimedia Applications and Information Services over Wi-Fi, Cellular, and Cable Networks

... As CISA works to realize the Phase 2 program objectives, it has engaged with various standards organizations (such as the 3rd Generation Partnership Project [3GPP], Alliance for Telecommunications Industry Solutions [ATIS], Institute of Electrical and Electronics Engineers [IEEE], and IETF [IETF]) and industry partners on standardizing priority access capabilities to reduce cost and promote the availability of interoperable capabilities in the market. CISA’s goal is to take advantage of priority access features that are specified in IEEE and in 3GPP.

< <https://www.cisa.gov/blog/2022/12/09/next-frontier-priority-services-capabilities-multimedia-applications-and> https://www.cisa.gov/blog/2022/12/09/next-frontier-priority-services-capabilities-multimedia-applications-and>

 

IETF 116

The annual IETF meeting, IETF 116, will be held from 25 until 31 March 2023 in Yokohama, Japan and online. The WIDE Project will host the meeting.

< <https://dig.watch/event/ietf-116> https://dig.watch/event/ietf-116>

 

What Is a Time-Based One-Time Password and Should You Use One?

... TOTPs include a string of dynamic numeric codes, usually between four and six digits, that change every 30 to 60 seconds. The IETF published TOTP, described in RFC 6238, and uses a standard algorithm to obtain a one-time password.

< <https://www.makeuseof.com/what-is-time-based-one-time-password/> https://www.makeuseof.com/what-is-time-based-one-time-password/>

< <https://www.msn.com/en-us/news/technology/what-is-a-time-based-one-time-password-and-should-you-use-one/ar-AA15Ia9p> https://www.msn.com/en-us/news/technology/what-is-a-time-based-one-time-password-and-should-you-use-one/ar-AA15Ia9p>

 

“Law by Law”: Your Guide to Cybersecurity Compliance in Singapore

... The Infocomm Media Development Authority (IMDA) published the Telecommunications Cybersecurity Code of Practice to enhance cybersecurity preparedness for designated licensees. The Codes are currently imposed on major Internet Service Providers (“ISP”) in Singapore for mandatory compliance, and was formulated using international standards and best practices including the ISO / IEC 27011 and IETF Best Current Practices.

< <https://logrhythm.com/blog/guide-to-cybersecurity-compliance-in-singapore/> https://logrhythm.com/blog/guide-to-cybersecurity-compliance-in-singapore/>

< <https://securityboulevard.com/2023/01/law-by-law-your-guide-to-cybersecurity-compliance-in-singapore/> https://securityboulevard.com/2023/01/law-by-law-your-guide-to-cybersecurity-compliance-in-singapore/>

 

9 Reasons Blockchain Projects Fail (And How to Succeed)

... Finally, you need data object alignment. Of course, it makes sense that everyone in a network should be speaking the same language when exchanging data. Look for a blockchain SaaS platform that is data object agnostic and can cope with any asset or event captured as a JSON document. Some platforms offer templates suggesting how to get started quickly rather than starting from a blank page in a command line. IETF standards are emerging, such as supply chain integrity, transparency and trust (SCITT), that will help harmonize witness statements recorded in ledgers.

< <https://securityboulevard.com/2023/01/9-reasons-blockchain-projects-fail-and-how-to-succeed/> https://securityboulevard.com/2023/01/9-reasons-blockchain-projects-fail-and-how-to-succeed/>

 

What is TLS and how does it work?

... TLS was developed by the IETF in 1999 as a replacement for SSL. TLS is based on SSL but includes a number of security enhancements that make it more effective at protecting data.

< <https://www.techradar.com/features/what-is-tls-and-how-does-it-work> https://www.techradar.com/features/what-is-tls-and-how-does-it-work>

 

After Samsung and OPPO, Huawei announces a cross patent deal with Nokia

... Huawei currently owns about 10% of the world’s 4G patents. The company also owns about 20% of 5G, Wi-Fi 6 and H.266 patents. Also, it owns about 30% of OTN and 10G PON patents and about 20% of IETF patents.

< <https://www.gizchina.com/2022/12/23/after-samsung-and-oppo-huawei-announces-a-cross-patent-deal-with-nokia/> https://www.gizchina.com/2022/12/23/after-samsung-and-oppo-huawei-announces-a-cross-patent-deal-with-nokia/>

 

Fastly Commitment, Failing Office, Free Replacements Advance Open Source

... Its support for open-source projects includes the H20 project, wit-bindgen, and Pushpin. Also, Fastly is involved with organizations such as IETF and W3C to contribute to various open-source protocols and standards.

< <https://www.linuxinsider.com/story/fastly-commitment-failing-office-free-replacements-advance-open-source-176792.html> https://www.linuxinsider.com/story/fastly-commitment-failing-office-free-replacements-advance-open-source-176792.html>

 

These EIPs Can Change Ethereum: Comprehensive Guide

... Ethereum (ETH) inherited the concept of improvement proposals from Bitcoin (BTC), the first cryptocurrency. Bitcoin (BTC), in turn, takes it from the “Request for Comments” (RFC) mechanism of proposals used to improve the Internet by the IETF.

< <https://u.today/guides/these-eips-can-change-ethereum-comprehensive-guide> https://u.today/guides/these-eips-can-change-ethereum-comprehensive-guide>

 

DT helps developers to get rid of the 5G jitters

... L4S is a 5G feature based on IETF standardisation that is designed to deliver consistent low latency for time-critical applications, such as augmented and virtual reality. The technology manages latency by signalling to an application server when there is congestion in the RAN so that the application bit-rate can be adapted to avoid delays for users.

< <https://www.telcotitans.com/deutsche-telekomwatch/dt-helps-developers-to-get-rid-of-the-5g-jitters/5951.article> https://www.telcotitans.com/deutsche-telekomwatch/dt-helps-developers-to-get-rid-of-the-5g-jitters/5951.article>

 

Las 10 reglas básicas de la netiqueta: ¿por qué nos hablamos tan mal en internet? [The 10 basic rules of netiquette: why do we talk so badly on the internet?]

... Hay una reflexión generalizada en la sociedad sobre cómo internet desprende cierta crispación en comentarios que jamás se pronunciarían en persona. Sin embargo, no todo el mundo sabe qué es la netiqueta, un protocolo ideado ya en 1995 por el Grupo de Trabajo de Ingeniería de Internet (IETF por sus siglas en inglés) para proporcionar sosiego y respeto a nuestras relaciones cibernéticas. Ahora, muchos psicólogos acuden a ese decálogo ante los problemas que detectan por esa falta de respeto.

< <https://www.elmundo.es/vida-sana/bienestar/2023/01/09/63b96e39fc6c83f8788b45cf.html> https://www.elmundo.es/vida-sana/bienestar/2023/01/09/63b96e39fc6c83f8788b45cf.html>

 

Bewerbung für »Board Of Trustees« bei der Internet Society eröffnet [Application for »Board Of Trustees« at the Internet Society open]

Sie wollen im Jahr 2023 nochmals richtig durchstarten? Dann haben wir möglicherweise etwas für Sie: Die ISOC (Internet Society) bittet um Bewerbungen für ihr »Board of Trustees«. Gegründet 1992 im japanischen Kōbe, ist die ISOC als gemeinnützige Nichtregierungsorganisation für die Pflege und Weiterentwicklung der Internetinfrastruktur zuständig. Die mittlerweile über 88.000 Mitglieder sind verpflichtet, zur weltweiten Verbreitung des Internets beizutragen und dessen Fortbestehen zu garantieren. Dazu zählt unter anderem die Veröffentlichung der sogenannten Request for Comments (RFCs), in denen die Internetstandards definiert werden. An der Spitze der rund 100 Mitarbeiter steht das 15-köpfige »Board of Trustees«, dessen Mitglieder von den Chaptern, den Organization Members und der IETF ernannt bzw. gewählt werden. Die Statuten sehen vor, dass jährlich vier Mitglieder des »Board of Trustees« neu bestimmt werden. 2023 können die Organization Members und die IETF jeweils ein Mitglied neu bestimmen, die Chapter deren zwei. Alle neuen Mitglieder im »Board of Trustees« erwartet eine Amtsdauer von drei Jahren, die nach einer Einführung im Juni 2023 mit der ISOC-Generalversammlung beginnt.

< <https://domain-recht.de/internet-politik/sonstiges-internet-politik/isoc-bewerbung-fuer-board-of-trustees-bei-der-internet-society-eroeffnet-68729.html> https://domain-recht.de/internet-politik/sonstiges-internet-politik/isoc-bewerbung-fuer-board-of-trustees-bei-der-internet-society-eroeffnet-68729.html>

 

Que sont les adresses IP privées ? [What are private IP addresses?]

... L’IETF a demandé à l’Internet Assigned Numbers Authority (IANA) de réserver les plages d’adresses IPv4 suivantes pour les réseaux privés, comme publié dans le RFC 1918.

< <https://www.journaldufreenaute.fr/que-sont-les-adresses-ip-privees/> https://www.journaldufreenaute.fr/que-sont-les-adresses-ip-privees/>

 

GnuPG 2.4 lançado com melhorias de desempenho, e muito mais [GnuPG 2.4 released with performance improvements, and more]

... GNU Privacy Guard é um software livre e uma alternativa ao conjunto de softwares criptográficos PGP da Symantec, e em conformidade com o RFC 4880, a especificação de rastreio de padrões IETF do OpenPGP.

< <https://www.edivaldobrito.com.br/gnupg-2-4-lancado-com-melhorias-de-desempenho-e-muito-mais/> https://www.edivaldobrito.com.br/gnupg-2-4-lancado-com-melhorias-de-desempenho-e-muito-mais/>

 

Mời doanh nghiệp tham gia Hội chợ Máy móc thiết bị & Công nghệ quốc tế tại Ấn Độ lần thứ 25 [Invite businesses to participate in the 25th International Machinery & Technology Fair in India]

... Hội chợ Máy móc thiết bị & Công nghệ Quốc tế (IETF 2023) là triển lãm hàng đầu về công nghệ và máy móc thiết bị, điện tử, hàng cơ khí… được tổ chức hai năm một lần kể từ năm 1975 đến nay. Đây là một sự kiện trao đổi giữa các doanh nghiệp (B2B) có uy tín quốc tế, bao gồm các hiệp hội toàn cầu.

< <https://thuonghieucongluan.com.vn/moi-doanh-nghiep-tham-gia-hoi-cho-may-moc-thiet-bi-cong-nghe-quoc-te-tai-an-do-lan-thu-25-a186732.html> https://thuonghieucongluan.com.vn/moi-doanh-nghiep-tham-gia-hoi-cho-may-moc-thiet-bi-cong-nghe-quoc-te-tai-an-do-lan-thu-25-a186732.html>

 

[포럼] 국제표준기반 메타버스 생태계 필요하다 [[Forum] International standards-based metaverse ecosystem is needed]

... 메타버스는 네트워크부터 응용 기술에 이르기까지 수많은 영역 기술들의 결합과 상호연계를 통해 실현된다. 관련 표준화 이슈 역시 수많은 단체에서 논의 중이다. 3GPP(이동망 기술), IETF(인터넷 기술), W3C(웹 기술) 등 주요 사실표준화단체에서는 최근 이동망, 인터넷망, 웹 서비스 환경 등에서 메타버스 서비스의 효율적 지원을 위한 표준화 이슈가 본격 논의되기 시작했다.

< <http://www.dt.co.kr/contents.html?article_no=2023010602102369073001> http://www.dt.co.kr/contents.html?article_no=2023010602102369073001>

 

DNSの代表的な弱点「メッセージ圧縮機能」――その理由と現状を振り返り、今後の針路を考える [A typical weakness of DNS, the message compression function: Looking back on the reasons and current situation and thinking about the future course]

... この考えは当時としては合理的であったが、悪意の存在を想定していなかったことが後に問題となるセキュリティ上の不備や不具合・脆弱性の要因となり、現在もDNSに携わるさまざまな関係者がそれぞれの立場で、その解決に取り組んでいる。インターネット技術の標準化を推進するIETFにおいても、それは例外ではない。 

< <https://internet.watch.impress.co.jp/docs/event/1466632.html> https://internet.watch.impress.co.jp/docs/event/1466632.html>

 

セキュリティープロトコル「TLS」の古いバージョンが使用禁止に、なぜ危ないのか [Why is it dangerous to ban old versions of the security protocol "TLS"?]

... SSLは業界標準（デファクトスタンダード）として広く使われていたが、IETFが定めたいわゆるインターネット標準ではない。SSLの仕様はインターネットドラフトとして公開され、それを基に各社はSSLを実装していた。

< <https://xtech.nikkei.com/atcl/nxt/column/18/02306/121900001/> https://xtech.nikkei.com/atcl/nxt/column/18/02306/121900001/>

 

**********************

SECURITY & PRIVACY

**********************

CES 2023: Robust Cybersecurity Necessary as Connectivity Grows

As connectivity becomes central to ever more facets of life, cybersecurity standards must evolve to protect consumers devices “by design” and “by default,” said Billy Bob Brown, Jr., executive assistant director for emergency communications at Homeland Security’s Cybersecurity and Infrastructure Security Agency.

< <https://broadbandbreakfast.com/2023/01/ces-2023-robust-cybersecurity-necessary-as-connectivity-grows/> https://broadbandbreakfast.com/2023/01/ces-2023-robust-cybersecurity-necessary-as-connectivity-grows/>

 

The Cyber Liability Fight Begins

Third-party liability for cybersecurity failures just got a lot more real. For years, observers of cybersecurity practices have noted a systematic underinvestment in cybersecurity by various enterprises. Critical to explaining that gap was the twofold reality of cybersecurity externalities (your failures affect me) and liability disclaimers (as, for example, in the shrink-wrap contracts you agree to when you open the software box) that prevented adversely impacted third parties from seeking legal redress for the impacts on their work arising from the alleged negligent security of others. To use a real world example, when Colonial Pipeline went down, they owed no money to their downstream partners even though many of them suffered significant economic damage because of Colonial Pipeline’s lax (dare we say negligent) approach to its own cybersecurity.

< <https://www.lawfareblog.com/cyber-liability-fight-begins> https://www.lawfareblog.com/cyber-liability-fight-begins>

 

Check Point Research Reports a 38% Increase in 2022 Global Cyberattacks

Check Point Research (CPR) releases new data on 2022 cyberattack trends. The data is segmented by global volume, industry and geography. Global cyberattacks increased by 38% in 2022, compared to 2021. These cyberattack numbers were driven by smaller, more agile hacker and ransomware gangs, who focused on exploiting collaboration tools used in work-from-home environments, targeting of education institutions that shifted to e-learning post COVID-19. This increase in global cyberattacks also stems from hacker interest in healthcare organizations, which saw the largest increase in cyberattacks in 2022, when compared to all other industries. CPR warns that the maturity of AI technology, such as CHATGPT, can accelerate the number of cyberattacks in 2023.

< <https://blog.checkpoint.com/2023/01/05/38-increase-in-2022-global-cyberattacks/> https://blog.checkpoint.com/2023/01/05/38-increase-in-2022-global-cyberattacks/>

 

What the Russian Invasion Reveals About the Future of Cyber Warfare

The war in Ukraine is the largest military conflict of the cyber age and the first to incorporate such significant levels of cyber operations on all sides. Below, Carnegie Endowment experts Jon Bateman, Nick Beecroft, and Gavin Wilde discuss the key insights from their new series, “Cyber Conflict in the Russia-Ukraine War.”

< <https://carnegieendowment.org/2022/12/19/what-russian-invasion-reveals-about-future-of-cyber-warfare-pub-88667> https://carnegieendowment.org/2022/12/19/what-russian-invasion-reveals-about-future-of-cyber-warfare-pub-88667>

 

us: Our Experts' Top Cybersecurity Predictions for 2023

A vulnerability in Log4j software library...an increase in the potential for Russian cyber attacks...a more commercialized cybercrime landscape...these are just some of the developments we saw in 2022. Without question, they've exposed new risks for your organization. But they've also sparked new ideas and conversations around where cybersecurity as an industry is heading...and where it needs to go next.

< <https://www.cisecurity.org/insights/blog/our-experts-top-cybersecurity-predictions-for-2023> https://www.cisecurity.org/insights/blog/our-experts-top-cybersecurity-predictions-for-2023>

 

Winning Cybersecurity Paper Addresses Algorithm Accuracy

The 10th Annual Best Scientific Cybersecurity Paper Competition recognizes the best foundational cybersecurity paper published in 2021. The winning paper, “Verifying Hyperproperties with Temporal Logic of Actions (TLA),” authored by Leslie Lamport and Fred B. Schneider, from Microsoft Research and Cornell University respectively, answers a key question: How can you ensure that a computer algorithm is correct?

< <https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3259494/winning-cybersecurity-paper-addresses-algorithm-accuracy/> https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3259494/winning-cybersecurity-paper-addresses-algorithm-accuracy/>

 

nl: Web hoster xel implements modern internet security standards

Just over a year ago, web hosting service provider xel implemented DNSSEC security for domain names, followed by the anti-spam standards SPF, DKIM and DMARC.

< <https://www.sidn.nl/en/news-and-blogs/web-hoster-xel-implements-modern-internet-security-standards> https://www.sidn.nl/en/news-and-blogs/web-hoster-xel-implements-modern-internet-security-standards>

 

**********************

INTERNET OF THINGS

**********************

CES 2023: Cybersecurity for IoT Devices Should be Market-Driven

Cybersecurity protocols for Internet of Things devices should be industry-driven, Katerina Megas, program manager of the Cybersecurity for Internet of Things Program at the National Institute of Standards and Technology, said Friday at the Consumer Electronics Show 2023.

< <https://broadbandbreakfast.com/2023/01/ces-2023-cybersecurity-for-iot-devices-should-be-market-driven/> https://broadbandbreakfast.com/2023/01/ces-2023-cybersecurity-for-iot-devices-should-be-market-driven/>

 

Digital beekeeping - using technology to support pollination and help save the bees

A mobile-based Internet of Things (IoT) system is helping farmers support one of humanity’s biggest food chain benefactors: the humble - but absolutely vital - bee.

< <https://diginomica.com/digital-beekeeping-using-technology-support-pollination-and-help-save-bees> https://diginomica.com/digital-beekeeping-using-technology-support-pollination-and-help-save-bees>

 

Why the internet of things (IoT) must pivot to achieve health care potential [PODCAST]

< <https://www.kevinmd.com/2023/01/why-the-internet-of-things-iot-must-pivot-to-achieve-health-care-potential-podcast.html> https://www.kevinmd.com/2023/01/why-the-internet-of-things-iot-must-pivot-to-achieve-health-care-potential-podcast.html>

 

Internet of Things: What is it? How to know Standards?

The evolution of the Internet has occurred in waves. The initial three waves were focused on the device. Initially, we accessed the Internet via a machine, often a desktop computer. As mobile computing progressed, we could soon take our own gadgets everywhere and at any time to access the Internet.

< <https://latesthackingnews.com/2023/01/02/internet-of-things-what-is-it-how-to-know-standards/> https://latesthackingnews.com/2023/01/02/internet-of-things-what-is-it-how-to-know-standards/>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

How to Get Started with HTTP/3

... What Does Connectivity Have to Do with HTTP/3? To answer that, let’s dive into why I missed seeing that goal. HTTP/3 is based on QUIC (Quick UDP Internet Connections), and thus UDP, rather than transmission control protocol (TCP), and TCP’s limitations are what caused my streaming video problems.

< <https://thenewstack.io/how-to-get-started-with-http3/> https://thenewstack.io/how-to-get-started-with-http3/>

 

Cloudflare盤點2023年HTTP發展重點 [Cloudflare takes stock of HTTP development priorities for 2023]

HTTP工作組在2023年的發展重點，除了進行中的QUERY方法和可恢復上傳功能外，還會著重發展Media over QUIC

< <https://www.ithome.com.tw/news/154976> https://www.ithome.com.tw/news/154976>

 

**********************

OTHERWISE NOTEWORTHY

**********************

W3C Board of Directors successfully brokered MIT Asset Transfer Agreement

Following its formation on 20 October, the W3C Board of Directors is pleased to have reached an agreement with MIT that transfers assets at MIT to World Wide Web Consortium, Inc. The Web Consortium continues its mission to lead the web to its full potential by developing standards for an open and equitable web.

< <https://www.w3.org/blog/news/archives/9801> https://www.w3.org/blog/news/archives/9801>

 

First Public Working Draft: Compute Pressure Level 1

The Devices and Sensors Working Group has published a First Public Working Draft of Compute Pressure Level 1. This specification provides a way for websites to react to changes in the CPU pressure of the target device, such that websites can trade off resources for an improved user experience. The Level 1 version of the specification supports CPU pressure source type.

< <https://www.w3.org/blog/news/archives/9799> https://www.w3.org/blog/news/archives/9799>

 

First Public Working Draft: Web Locks API

The Web Applications Working Group has published a First Public Working Draft of Web Locks API. This document defines a web platform API that allows script to asynchronously acquire a lock over a resource, hold it while work is performed, then release it. While held, no other script in the origin can acquire a lock over the same resource. This allows contexts (windows, workers) within a web application to coordinate the usage of resources.

< <https://www.w3.org/blog/news/archives/9806> https://www.w3.org/blog/news/archives/9806>

 

W3C Invites Implementations of WAI-Adapt: Symbols Module

The Accessible Platform Architectures (APA) WAI-Adapt Task Force (WAI-Adapt) invites implementation and welcomes comment on the Candidate Recommendation of the WAI-Adapt: Symbols Module. The purpose of this specification is to support Augmentative and Alternative Communication (AAC) symbols in web content.

< <https://www.w3.org/blog/news/archives/9803> https://www.w3.org/blog/news/archives/9803>

 

Dr. Jeffrey Jaffe steps down as W3C CEO; Ralph Swick appointed Interim CEO

Dr. Jeffrey Jaffe addressing an audience After serving as W3C Chief Executive Officer for 12 years, Dr. Jeffrey Jaffe stepped down. From March 2010 till December 2022, Jeff led the Consortium with purpose and skills informed by several different careers as a researcher, manager, and executive, for a succession of organizations. He was responsible for all of W3C’s global operations, for maintaining the interests of all of W3C’s stakeholders, and for sustaining a culture of cooperation and transparency, so that W3C continues to be the leading forum for the technical development and stewardship of the Web.

< <https://www.w3.org/blog/news/archives/9776> https://www.w3.org/blog/news/archives/9776>

 

Strata Identity Joins the World Wide Web Consortium (W3C) [news release]

Strata Identity, the Identity Orchestration company, today announced it has joined the World Wide Web Consortium (W3C), an international community where members, staff, and the public work together to develop technology solutions and shape the future of the web. As a member, Strata joins the ranks of some of the most innovative cloud and security partners in the world, including AWS, Google, and Microsoft.

< <https://apnews.com/article/technology-science-internet-business-wire-57ea0946adcb432bb823de04efbafe0d> https://apnews.com/article/technology-science-internet-business-wire-57ea0946adcb432bb823de04efbafe0d>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home