[Newsclips] IETF SYN-ACK Newspack 2023-08-14

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

How CSPs Can Manage Metadata Privacy Concerns

... Unlike the OTTs, which are close to monopolies in their market segments, different CSP networks interwork to provide the end-to-end service (which is why the aggregate is called "the internet"). This only works due to protocol standardization by such organizations as the IETF and the ITU.

< <https://www.forbes.com/sites/forbestechcouncil/2023/08/10/how-csps-can-manage-metadata-privacy-concerns/> https://www.forbes.com/sites/forbestechcouncil/2023/08/10/how-csps-can-manage-metadata-privacy-concerns/>

 

Post quantum encryption cannot wait for standard processes to unfold

... The encryption establishment knows quite well how to update encryption and related security standards. From modifying crypto libraries (i.e., Libcrypt, StongSwan, OpenSSL, CryptoLib), to creating secure boot and Operating Systems and improving key management, the community has continuously hardened its security posture. The entities that participated with the Internet Engineering Task Force to create the Transport Layer Security (TLS) protocol (RFC 8466), the one that is used by virtually every browser and mobile device in the world, have successfully advanced from TLS 1.1 to 1.2 and now 1.3. Each release has brought significant improvements in security and fixes to earlier problems.

< <https://www.securityinfowatch.com/cybersecurity/information-security/encryption-solutions/article/53068435/post-quantum-encryption-cannot-wait-for-standard-processes-to-unfold> https://www.securityinfowatch.com/cybersecurity/information-security/encryption-solutions/article/53068435/post-quantum-encryption-cannot-wait-for-standard-processes-to-unfold>

 

Google's BBRv3 TCP Congestion Control Showing Great Results, Will Be Upstreamed To Linux

... Google engineers presented at the IETF 117 event in San Francisco at the end of July. BBRv3 incorporates various fixes and algorithm updates.

< <https://www.phoronix.com/news/Google-BBRv3-Linux> https://www.phoronix.com/news/Google-BBRv3-Linux>

 

What is SSL and Why it is Important?

... SSL had numerous issues, and the Internet Engineering Task Force (IETF) stopped recommending its use in 2015.

< <https://cybersecuritynews.com/what-is-ssl/> https://cybersecuritynews.com/what-is-ssl/>

 

ETRI Sets International Standards for NFC-Based Internet Communication

... ETRI remains actively engaged in standardization activities within international bodies like IETF and ITU-T, striving to establish IoT-related international standards through the Ministry of Science and ICT's Information and Communication Standard Development Support Project.

< <https://www.koreaittimes.com/news/articleView.html?idxno=124254> https://www.koreaittimes.com/news/articleView.html?idxno=124254>

 

Rohde & Schwarz Pioneers 5G Next-Gen eCall Test Cases

... The European Commission initiative to update the eCall standards and legislation to transition eCall to 4G and 5G networks is already active. The automotive industry needs NGeCall test solutions to deliver eCall modules that include the new NGeCall functions. The modules have to comply with Technical Specification CEN TS17240, which refers to the protocol conformance test cases and specifies additional end-to-end conformance test cases for eCall as stipulated by 3GPP and the Internet Engineering Task Force.

< <https://www.thefastmode.com/technology-solutions/32958-rohde-schwarz-pioneers-5g-next-gen-ecall-test-cases> https://www.thefastmode.com/technology-solutions/32958-rohde-schwarz-pioneers-5g-next-gen-ecall-test-cases>


Designing and implementing secure boot for military-grade systems

... The IETF SUIT [Internet Engineering Task Force Software Updates for Internet of Things] specification for secure boot has been standardized in RFC9019, and it provides a comprehensive approach to designing secure bootloaders and firmware updates.

< <https://militaryembedded.com/cyber/cybersecurity/designing-and-implementing-secure-boot-for-military-grade-systems> https://militaryembedded.com/cyber/cybersecurity/designing-and-implementing-secure-boot-for-military-grade-systems>

 

The Future of Audio Compression: How Global Audio Codecs are Revolutionizing Telecommunications

... One of the most promising global audio codecs is Opus, which was developed by the Internet Engineering Task Force (IETF). Opus is designed to handle a wide range of audio applications, from VoIP (Voice over Internet Protocol) to music streaming. It offers superior audio quality at lower bit rates compared to traditional codecs, and it is highly efficient, requiring less computational power to encode and decode audio data.

< <https://fagenwasanni.com/news/the-future-of-audio-compression-how-global-audio-codecs-are-revolutionizing-telecommunications/50121/> https://fagenwasanni.com/news/the-future-of-audio-compression-how-global-audio-codecs-are-revolutionizing-telecommunications/50121/>

 

The Role of U.S. Hardware in Advancing Telecommunication Networks

... Furthermore, the U.S. hardware industry plays a crucial role in setting standards for telecommunication networks. Through organizations such as the Institute of Electrical and Electronics Engineers (IEEE) and the Internet Engineering Task Force (IETF), U.S. tech companies contribute to the development of protocols and standards that govern the operation of these networks. This ensures interoperability between different devices and networks, which is essential for the smooth functioning of the global telecommunication infrastructure.

< <https://fagenwasanni.com/news/the-role-of-u-s-hardware-in-advancing-telecommunication-networks/46074/> https://fagenwasanni.com/news/the-role-of-u-s-hardware-in-advancing-telecommunication-networks/46074/>

 

Understanding the Role of Blockchain in Digital Content Security

... The IETF Supply Chain Integrity Transparency and Trust work group has developed an architecture and open-source software that utilizes blockchain to create, maintain, and share integrity data about digital content. This adds an essential element of transparency and non-repudiation, allowing parties to determine the trustworthiness of digital content.

< <https://fagenwasanni.com/ai/understanding-the-role-of-blockchain-in-digital-content-security/181071/> https://fagenwasanni.com/ai/understanding-the-role-of-blockchain-in-digital-content-security/181071/>

 

« IPv6 est un désastre, mais nous pouvons y remédier », le retour d'expérience d'un ingénieur DevOps, ["IPv6 is a disaster, but we can fix it," feedback from a DevOps engineer,]

... IPv6 (IP version 6), défini dans le RFC 2460, est la dernière génération du protocole Internet (IP) définie par l'IETF (Internet Engineering Task Force). La première version stable du protocole internet (IP) était IPv4 (IP version 4). Alors que l'IPv6 est destiné à remplacer à terme l'IPv4, les deux sont étroitement liés à l'heure actuelle - la plupart des ingénieurs les utilisent ensemble.

< <https://reseau.developpez.com/actu/347130/-IPv6-est-un-desastre-mais-nous-pouvons-y-remedier-le-retour-d-experience-d-un-ingenieur-DevOps-l-IPv6-serait-une-revolution-incontournable-mais-mal-preparee/> https://reseau.developpez.com/actu/347130/-IPv6-est-un-desastre-mais-nous-pouvons-y-remedier-le-retour-d-experience-d-un-ingenieur-DevOps-l-IPv6-serait-une-revolution-incontournable-mais-mal-preparee/>

 

Controle de congestionamento TCP BBRv3 do Google mostra ótimos resultados e fará parte do Linux [Google's BBRv3 TCP Congestion Control Shows Great Results and Will Be Part of Linux]

... Os engenheiros do Google fizeram uma apresentação no evento IETF 117 em São Francisco no final de julho. BBRv3 incorpora várias correções e atualizações de algoritmo. 

< <https://sempreupdate.com.br/controle-de-congestionamento-tcp-bbrv3-do-google-mostra-otimos-resultados-e-fara-parte-do-linux/> https://sempreupdate.com.br/controle-de-congestionamento-tcp-bbrv3-do-google-mostra-otimos-resultados-e-fara-parte-do-linux/>

 

Bližje pogovorom med WhatsAppom in Viberjem, a še vedno kar daleč [Closer to the conversations between WhatsApp and Viber, but still quite far away]

... Medtem pa Internetna skupina za standarde (Internet Engineering Task Force, IETF) razvija protokol MIMI (More Instant Messaging Interoperability), ki naj bi zagotovil varno komunikacijo med uporabniki različnih storitev. Vključno s šifriranjem od začetka do konca, drugo pomembno postavko v celotni zgodbi.

< <https://tehnozvezdje.si/blizje-pogovorom-med-whatsappom-in-viberjem-a-se-vedno-kar-dalec/> https://tehnozvezdje.si/blizje-pogovorom-med-whatsappom-in-viberjem-a-se-vedno-kar-dalec/>

 

ETRI, NFC기반 인터넷 통신 국제표준 제정 [ETRI establishes international standard for NFC-based Internet communication]

... 한국전자통신연구원(ETRI)은 지난달 21일, 국제인터넷표준화기구(IETF)에서 사물인터넷 저전력 통신기술인 『근거리무선통신(NFC) 기반 인터넷 통신기술』 표준(RFC 9428)이 국제표준으로 최종 제정되었다고 밝혔다.

< <http://www.newstap.co.kr/news/articleView.html?idxno=200801> http://www.newstap.co.kr/news/articleView.html?idxno=200801>

< <http://www.ccnnews.co.kr/news/articleView.html?idxno=304340> http://www.ccnnews.co.kr/news/articleView.html?idxno=304340>

< <http://www.datanet.co.kr/news/articleView.html?idxno=186122> http://www.datanet.co.kr/news/articleView.html?idxno=186122>

 

[사이언스게시판] ETRI ‘NFC 기반 인터넷 통신’ 국제표준 제정 [[Science Bulletin] Establishment of the International Standard for 'NFC-based Internet Communication' by ETRI]

... 한국전자통신연구원(ETRI)은 지난달 21일 국제인터넷표준화기구(IETF)에서 사물인터넷 저전력 통신기술인 ‘근거리무선통신(NFC) 기반 인터넷 통신기술’ 표준이 국제표준으로 최종 제정됐다고 10일 밝혔다. NFC는 그동안 주로 10cm 이내 근거리 기기나 장치 간 통신에 쓰여왔으며, 광범위한 인터넷 통신기술로는 사용되지 않았다. 

< <https://www.dongascience.com/news.php?idx=61151> https://www.dongascience.com/news.php?idx=61151>

 

근거리무선통 기술, 인터넷 통신으로 쓴다…토종 기술로 `국제표준` 제정 [It is used as a short-range wireless communication technology, Internet communication... Establishing 'international standards' with indigenous technology]

... 한국전자통신연구원(ETRI)은 최근 국제인터넷표준화기구(IETF)에서 사물인터넷 저전력 통신기술인 'NFC 기반 인터넷 통신기술'에 관한 표준이 국제표준으로 최종 제정됐다고 10일 밝혔다.

< <https://www.dt.co.kr/contents.html?article_no=2023081002109931731002> https://www.dt.co.kr/contents.html?article_no=2023081002109931731002>

 

[#IT라운지] U+차량검지기 'ITS 최상급'·KT 'M-BcN'·SKT '6G 백서' [[#IT라운지] U+ Vehicle Detector 'ITS Superlative' · KT 'M-BcN'· SKT '6G White Paper']

... 국제인터넷표준화기구(IETF)에서 '근거리무선통신(NFC) 기반 인터넷 통신기술' 표준(RFC 9428)이 국제표준으로 제정됐고 플래티어가 개인화 상품 추천 관련 검색어 추천 장치, 방법 및 기록매체 특허를 등록했다.

< <https://www.newsworks.co.kr/news/articleView.html?idxno=723922> https://www.newsworks.co.kr/news/articleView.html?idxno=723922>

 

**********************

SECURITY & PRIVACY

**********************

How manufacturers can navigate cybersecurity regulations amid NIST 2.0

The National Institute of Standards and Technology (NIST) released a discussion draft for possible Cybersecurity Framework (CSF) changes earlier this year. The proposed changes aim to help increase the CSF’s clarity and bring the updated version closer to national and international cybersecurity standards and practices.

< <https://www.helpnetsecurity.com/2023/08/14/cybersecurity-regulations-nist-2-0-video/> https://www.helpnetsecurity.com/2023/08/14/cybersecurity-regulations-nist-2-0-video/>

 

US FCC Workshop Highlights Routing Security

On 31 July, the United States Federal Communications Commission held a Border Gateway Protocol Security Workshop that highlighted the importance of addressing BGP vulnerabilities and securing Internet routing.

< <https://www.manrs.org/2023/08/us-fcc-workshop-highlights-routing-security/> https://www.manrs.org/2023/08/us-fcc-workshop-highlights-routing-security/>

 

us: DARPA AI Cyber Challenge Aims to Secure Nation’s Most Critical Software

At Black Hat USA 2023, DARPA issued a call to top computer scientists, AI experts, software developers, and beyond to participate in the AI Cyber Challenge (AIxCC) – a two-year competition aimed at driving innovation at the nexus of AI and cybersecurity to create a new generation of cybersecurity tools.

< <https://www.darpa.mil/news-events/2023-08-09> https://www.darpa.mil/news-events/2023-08-09>

 

White House launches AI-based contest to secure government systems from hacks

The White House on Wednesday said it had launched a multimillion-dollar cyber contest to spur use of artificial intelligence (AI) to find and fix security flaws in U.S. government infrastructure, in the face of growing use of the technology by hackers for malicious purposes.

< <https://www.reuters.com/technology/white-house-launches-ai-based-contest-secure-government-systems-hacks-2023-08-09/> https://www.reuters.com/technology/white-house-launches-ai-based-contest-secure-government-systems-hacks-2023-08-09/>

 

CISA: New Whirlpool backdoor used in Barracuda ESG hacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered that the backdoor malware named 'Whirlpool' used in attacks on compromised Barracuda Email Security Gateway (ESG) devices. ... "The malware takes two arguments (C2 IP and port number) from a module to establish a Transport Layer Security (TLS) reverse shell."

< <https://www.bleepingcomputer.com/news/security/cisa-new-whirlpool-backdoor-used-in-barracuda-esg-hacks/> https://www.bleepingcomputer.com/news/security/cisa-new-whirlpool-backdoor-used-in-barracuda-esg-hacks/>

 

Whirlpool malware rips open old Barracuda wounds

CISA has found yet another backdoor malware variant in compromised Barracuda systems with zero-day ESG vulnerability. ... While Seapsy is a known, persistent, and passive Barracuda offender masquerading as a legitimate Barracuda service "BarracudaMailService" that allows the threat actors to execute arbitrary commands on the ESG appliance, Whirlpool backdooring is a new offensive used by attackers who established a Transport Layer Security (TLS) reverse shell to the Command-and-Control (C2) server.

< <https://www.csoonline.com/article/649348/whirlpool-malware-rips-open-old-barracuda-wounds.html> https://www.csoonline.com/article/649348/whirlpool-malware-rips-open-old-barracuda-wounds.html>

 

CISA: New Whirlpool Backdoor Used in Barracuda ESG Campaign

Security researchers have discovered a third novel backdoor that was used in attacks on users of Barracuda ESG appliances recently. ... “The malware takes two arguments (C2 IP and port number) from a module to establish a Transport Layer Security (TLS) reverse shell. The module that passes the arguments was not available for analysis.”

< <https://www.infosecurity-magazine.com/news/whirlpool-backdoor-barracuda-esg/> https://www.infosecurity-magazine.com/news/whirlpool-backdoor-barracuda-esg/>

 

Verisign Will Help Strengthen Security with DNSSEC Algorithm Update

As part of Verisign’s ongoing effort to make global internet infrastructure more secure, stable, and resilient, we will soon make an important technology update to how we protect the TLDs we operate. The vast majority of internet users won’t notice any difference, but the update will support enhanced security for several Verisign-operated TLDs and pave the way for broader adoption and the next era of DNS security measures.

< <https://blog.verisign.com/security/dnssec-algorithm-update/> https://blog.verisign.com/security/dnssec-algorithm-update/>

 

**********************

INTERNET OF THINGS

**********************

Cisco to boost internet of things offer with Working Group Two

Cisco has revealed its intent to acquire Working Group Two (WG2), a Norwegian company that is said to have pioneered a cloud-native mobile services platform that’s fully application programming interface (API)-consumable and highly programmable.

< <https://www.computerweekly.com/news/366547974/Cisco-to-boost-internet-of-things-offer-with-Working-Group-Two> https://www.computerweekly.com/news/366547974/Cisco-to-boost-internet-of-things-offer-with-Working-Group-Two>

 

5 Things to Know About Internet of Things Security

The way we connect with the world around us has been completely transformed by the Internet of Things (IoT). The urgent need to ensure the security and safety of our data is brought on by this growing connectedness, though. We’ll explore five essential IoT security aspects in this article so you can navigate this quickly changing environment.

< <https://www.analyticsinsight.net/5-things-to-know-about-internet-of-things-security/> https://www.analyticsinsight.net/5-things-to-know-about-internet-of-things-security/>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Breaking the energy curve: Network energy consumption modeling and energy saving technologies

Network energy consumption is considered a key parameter in designing the 5G New Radio (NR) standard since its inception. This has been motivated by the need to reduce both the carbon footprint of mobile communications and the network operational expenditure (OPEX). Furthermore, the recent rise in energy prices has led to a significant increase in communications service providers' (CSPs’) energy bills. Some CSPs have lowered their profit expectations, while others have increased their use of energy saving functions to save energy costs. It is now more important than ever to break the energy curve. ... NR has improved the potential for network energy savings, but excessive energy is still spent at times when a network serves no or little traffic, and consequently, the energy is wasted. We are engaged in 3GPP to enable even lower energy consumption of NR at both low-, medium and high-load scenarios. The variation in User Equipment (UE) performance due to traffic load is often larger than the variation due to activation of the studied energy saving techniques.

< <https://www.ericsson.com/en/blog/2023/8/breaking-the-energy-curve> https://www.ericsson.com/en/blog/2023/8/breaking-the-energy-curve>

 

**********************

OTHERWISE NOTEWORTHY

**********************

The tech standards that shape the future: How Europeans should respond to China’s rising influence

Europeans should avoid escalating matters with China in the world of international technology standards – but they should nevertheless remain watchful and establish a platform to monitor developments in this crucial arena

< <https://ecfr.eu/article/the-tech-standards-that-shape-the-future-how-europeans-should-respond-to-chinas-rising-influence/> https://ecfr.eu/article/the-tech-standards-that-shape-the-future-how-europeans-should-respond-to-chinas-rising-influence/>

 

Korean telco SK Telecom looks ahead to 6G

Korean telco SK Telecom has released a 6G white paper that focuses on the key requirements for 6G standardization and the telco’s views regarding the direction of future network evolution.

< <https://www.rcrwireless.com/20230810/6g/korean-telco-sk-telecom-publishes-6g-white-paper> https://www.rcrwireless.com/20230810/6g/korean-telco-sk-telecom-publishes-6g-white-paper>

 

Web Environment Integrity has no standing at W3C; understanding new W3C work

For a few weeks now we have been hearing concern in the Web community in regard to Web Environment Integrity, and are asked more and more about it. Our silence is due to the fact that the Web Environment Integrity API is not being worked on in W3C, nor has there been any submission to W3C for W3C Technical Architecture Group (TAG) review.

< <https://www.w3.org/blog/2023/web-environment-integrity-has-no-standing-at-w3c/> https://www.w3.org/blog/2023/web-environment-integrity-has-no-standing-at-w3c/>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home