[Newsclips] IETF SYN-ACK Newspack 2022-09-19

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Will the Internet of tomorrow become several intranets instead? Geopolitics could be key

... Along with other organisations such as the IETF, Icann sets technical policies and standards to keep the Internet working and evolving. For example, the IETF has set thousands of standards that have kept the Internet evolving to keep up with the times, such as developing the Internet Protocol version 6 (IPv6) address when it was discovered that IPv4 addresses were not sufficient to provide a distinct address to every Internet device.

< <https://www.todayonline.com/commentary/commentary-will-internet-tomorrow-become-several-intranets-instead-geopolitics-could-be-key-1996621> https://www.todayonline.com/commentary/commentary-will-internet-tomorrow-become-several-intranets-instead-geopolitics-could-be-key-1996621>

 

What is DKIM? – A Bit of History

... Yahoo! and CISCO realized the potential of their technologies and decided to merge them into a single security protocol in 2007. Their collaboration set the basis for the IETF standards that eventually led to the creation of STD 76, currently known as the RFC 6376.

< <https://easydmarc.com/blog/what-is-dkim-a-bit-of-history/> https://easydmarc.com/blog/what-is-dkim-a-bit-of-history/>

< <https://securityboulevard.com/2022/09/what-is-dkim-a-bit-of-history/> https://securityboulevard.com/2022/09/what-is-dkim-a-bit-of-history/>

 

Towards cross-ecosystem interoperability with automated data model conversions

... In the context of IoT, data models and information models provide the means to describe simple items or more complex devices consisting of multiple items. Over the years, there’s been discussions about the differences between information models and data models. In that context, the IETF created a document to clarify that situation. The distinction between the models can be summarized as follows:

< <https://www.ericsson.com/en/blog/2022/9/ecosystem-interoperability-data-model-conversion> https://www.ericsson.com/en/blog/2022/9/ecosystem-interoperability-data-model-conversion>

 

This security firm claims to have the right tool for your privacy, and it's not a VPN

... For doing so, the service uses one of the best CDN networks around, Fastly (opens in new tab), as it implements the encryption protocol known as IETF Masque that combines TLS-encrypted HTTPS connections with reliable and fast performance. It's also open-source, meaning that anyone can check out the network for vulnerabilities.

< <https://www.techradar.com/news/this-security-firm-claims-to-have-the-right-tool-for-your-privacy-and-its-not-a-vpn> https://www.techradar.com/news/this-security-firm-claims-to-have-the-right-tool-for-your-privacy-and-its-not-a-vpn>

 

iOS 16 lets users automatically bypass CAPTCHAs

... To ensure that users get the best experience possible, while also providing protection to apps and websites against attackers and bots, and saving users time, Apple has added support for Private Access Tokens in iOS 16, iPadOS 16, and macOS Ventura. This is a new technology that is on its way to becoming a standard in the IETF Privacy Pass working group, with other companies also included in it. Private Access Tokens ensure that legitimate HTTP requests can be validated, without compromising user privacy or personal information.

< <https://www.ithinkdiff.com/ios-16-automatically-bypass-captchas/> https://www.ithinkdiff.com/ios-16-automatically-bypass-captchas/>

 

Bypass Annoying CAPTCHAs for Apps and Websites on Your iPhone Automatically for Instant Verification 

... Private Access Tokens are not strictly for Apple devices, as they are a part of a broader authentication standard called Privacy Pass being developed by the IETF working group, which includes Apple and Google. Currently, Cloudflare and Fastly are the only CDNs Apple has worked with, but it is working with other companies for vast implementation across the web.

< <https://ios.gadgethacks.com/how-to/bypass-annoying-captchas-for-apps-and-websites-your-iphone-automatically-for-instant-verification-0385070/> https://ios.gadgethacks.com/how-to/bypass-annoying-captchas-for-apps-and-websites-your-iphone-automatically-for-instant-verification-0385070/>

 

The Evolving OpenWrt Ecosystem

... Beyond devices, OpenWrt has also expanded and evolved further, as its Buildroot system. was adopted as the structure for other projects. The Cloudtrax replacement AltiWi, for one, runs OpenWrt 19.07 RC2. The IETF IPv6 integration projects HIPnet and HomeNet are based on OpenWrt. Similarly, prplOS, a framework designed to run Prpl Foundation routers and gateways, uses OpenWrt.

< <https://techbullion.com/the-evolving-openwrt-ecosystem/> https://techbullion.com/the-evolving-openwrt-ecosystem/>

 

Fastmail s'associe à BitWarden pour créer des alias aléatoires à la volée, une fonction encore rare [Fastmail partners with BitWarden to create random aliases on the fly, a feature still rare]

... Il n’en restait pas moins que Fastmail était techniquement très réussi, notamment grâce à la promotion de son standard JMAP, développé pour remplacer un IMAP bien vieillissant et disposant de son propre groupe de travail à l’IETF. Des fonctions comme l’annulation après envoi pendant 15 secondes, la synchronisation des contacts et de l’agenda, ou encore les notifications push sur tous les appareils sont présentes dans JMAP.

< <https://www.nextinpact.com/article/69960/fastmail-sassocie-a-bitwarden-pour-creer-alias-aleatoires-a-volee-fonction-encore-rare> https://www.nextinpact.com/article/69960/fastmail-sassocie-a-bitwarden-pour-creer-alias-aleatoires-a-volee-fonction-encore-rare>

 

iOS 16 débarque sur vos iPhone, voici ce qu'il faut savoir [iOS 16 arrives on your iPhone, here's what you need to know]

... Cette évolution dans les standards d’identification s’accompagne d’une refonte d’Apple Wallet. Jusqu’ici utilisé pour les cartes de crédit notamment, le portefeuille numérique de l’iPhone permettra d’enregistrer les clés de voitures au standard IETF, des documents d’identité numérique et d’autres clés électroniques, comme des cartes d’accès à des chambres d’hôtel.

< <https://www.heidi.news/cyber/ios-16-debarque-sur-vos-iphone-voici-ce-qu-il-faut-savoir> https://www.heidi.news/cyber/ios-16-debarque-sur-vos-iphone-voici-ce-qu-il-faut-savoir>

 

Esta empresa de seguridad dice tener la herramienta adecuada para tu privacidad, y no es una VPN [This security company claims to have the right tool for your privacy, and it's not a VPN]

... Para ello, el servicio utiliza una de las mejores redes CDN que existen, Fastly (se abre en una nueva pestaña), ya que implementa el protocolo de cifrado conocido como IETF Masque, que combina conexiones HTTPS cifradas por TLS con un rendimiento fiable y rápido. También es de código abierto, lo que significa que cualquiera puede comprobar la red en busca de vulnerabilidades.

< <https://thepixeldisplay.com/software/esta-empresa-de-seguridad-dice-tener-la-herramienta-adecuada-para-tu-privacidad-y-no-es-una-vpn/652/> https://thepixeldisplay.com/software/esta-empresa-de-seguridad-dice-tener-la-herramienta-adecuada-para-tu-privacidad-y-no-es-una-vpn/652/>

 

Már tölthető le a .NET, az Entity Framework 7.0, az ASP.NET Core és a Blazor 7.0 első kiadásra jelölt változata [First-release candidate versions of .NET, Entity Framework 7.0, ASP.NET Core, and Blazor 7.0 are now available for download]

... Az új. NET 7.0-hoz kapcsolódó új Entity Framework 7.0 pl. mostantól lehetővé teszi aggregátok JSON oszlopokban történő tárolását is, az ASP.NET Core 7.0 és a Blazor 7.0 pedig rugalmasabb Open ID Connect hitelesítését, egyszerűbb JavaScript import és export lehetőségét a WebAssembly-ből, valamint gyorsabb HTTP/2 komunikációt, és az IETF WebTransport specifikációjának támogatását kínálja.

< <https://prog.hu/hirek/6308/mar-toltheto-le-a-net-az-entity-framework-7-0-az-asp-net-core-es-a-blazor-7-0-elso-kiadasra-jelolt-valtozata> https://prog.hu/hirek/6308/mar-toltheto-le-a-net-az-entity-framework-7-0-az-asp-net-core-es-a-blazor-7-0-elso-kiadasra-jelolt-valtozata>

 

IETFが勧告したWebの通信プロトコルの最新版は？ [What is the latest version of the communication protocol for the Web recommended by the IETF?]

インターネット関連技術の標準化を手掛けるIETFは2022年6月6日（米国時間）、インターネット通信の多くを占めるWebにおける通信プロトコルの最新版を「RFC 9114」として勧告しました。

< <https://events.nikkeibp.co.jp/xtech/2022/atcl/column/00002/00021/> https://events.nikkeibp.co.jp/xtech/2022/atcl/column/00002/00021/>

 

初のカーブアウトで独立　パナソニックでの壁を破る [Independent with the first carve-out Breaking the barrier at Panasonic]

... 宮崎は1995年にパナソニックに入社し、携帯電話などの通信方式の検討やデータ通信用ソフトの開発を担当する部署に配属された。入社2年目からは自ら新しい通信規格の開発に取り組んだ。テレビ電話の先駆けとなる製品の開発にも携わり、自身が開発した通信規格を国際標準化団体のIETFに提案し標準化するなど実績を重ねた。

< <https://xtech.nikkei.com/atcl/nxt/mag/nc/18/020600002/090500062/> https://xtech.nikkei.com/atcl/nxt/mag/nc/18/020600002/090500062/>

 

每日热讯!打破网络黑盒，新华三携手中国移动完成IPv6随流检测互通测试 [Daily News! Breaking the network black box, H3C joins hands with China Mobile to complete the IPv6 flow detection and interoperability test]

... 2021年10月，新华三联合中国移动在IETF标准化组织提交标准议案，成为随流检测标准迈向国际化的重要里程碑。同年12 月，中国移动组织新华三等企业在国际信息港成功完成高精度随流检测功能的实验室互通测试。

< <http://news.ctocio.com.cn/dzxf/2022/0917/90270.html> http://news.ctocio.com.cn/dzxf/2022/0917/90270.html>

 

السيادة الرقمية تحوّل "معايير الإنترنت" إلى ساحة صراع أمريكي صيني [Digital sovereignty turns 'Internet standards' into an arena of U.S.-China conflict]

... وتعد مجموعة مهندسي شبكة الإنترنت (IETF) مثالاً على ذلك، فهي هيئة دولية رائدة تأسست عام 1986، وتضم عدداً من الباحثين والأكاديميين والمهندسين في مجال تطوير بنية شبكة الإنترنت، وبذلك تتبع هذه المجموعة نموذج أصحاب المصلحة، إذ تعمل على تطوير وتعزيز معايير الإنترنت الطوعية، مثل تلك التي تشكل TCP/IP، كما لعبت المجموعة دوراً أساسياً في تشكيل غالبية بروتوكولات الشبكات الرئيسية للإنترنت.

< <https://www.hespress.com/نهج-متباين-كيف-تحولت-معايير-الإنترنت-1046860.html> https://www.hespress.com/نهج-متباين-كيف-تحولت-معايير-الإنترنت-1046860.html>

 

**********************

SECURITY & PRIVACY

**********************

The Artificial Intelligence and Cybersecurity Nexus: Taking Stock of the European Union’s Approach

Summary: The EU’s AI-cybersecurity ecosystem remains highly fragmented. To realize its technological leadership ambitions, the bloc must connect the dots between its myriad initiatives, processes, and stakeholders.

< <https://carnegieeurope.eu/2022/09/15/artificial-intelligence-and-cybersecurity-nexus-taking-stock-of-european-union-s-approach-pub-87886> https://carnegieeurope.eu/2022/09/15/artificial-intelligence-and-cybersecurity-nexus-taking-stock-of-european-union-s-approach-pub-87886>

 

us: Securing 5G Open RAN Architecture from Cybersecurity Risks

Open Radio Access Network Security ConsiderationsThe Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), through the Enduring Security Framework (ESF), have published a paper titled, Open Radio Access Network Security Considerations which assesses the benefits and security considerations with implementing Open RAN architecture.

< <https://www.cisa.gov/blog/2022/09/15/securing-5g-open-ran-architecture-cybersecurity-risks> https://www.cisa.gov/blog/2022/09/15/securing-5g-open-ran-architecture-cybersecurity-risks>

 

us: CISA Announces Fifth Annual Cybersecurity Summit to Take Place October 4 in Atlanta

The Cybersecurity and Infrastructure Security Agency (CISA) today announced it will host its 5th Annual Cybersecurity Summit on Tuesday, October 4th in Atlanta, Georgia.

< <https://www.cisa.gov/news/2022/09/12/cisa-announces-fifth-annual-cybersecurity-summit-take-place-october-4-atlanta> https://www.cisa.gov/news/2022/09/12/cisa-announces-fifth-annual-cybersecurity-summit-take-place-october-4-atlanta>

 

us: CISA Hosts Fourth Cybersecurity Advisory Committee to Provide Updates and Recommendations for the Agency Going Forward

Today, the Cybersecurity and Infrastructure Security Agency (CISA) held its fourth Cybersecurity Advisory Committee meeting, with Committee members providing updates to CISA Director Jen Easterly on the work of its subcommittees. Two of the subcommittees – Protecting Critical Infrastructure from Mis- Dis- and Mal (MDM) information and Building Resilience and Reducing Systemic Risk to Critical Infrastructure – provided new recommendations to the Director.

< <https://www.cisa.gov/news/2022/09/13/cisa-hosts-fourth-cybersecurity-advisory-committee-provide-updates-and> https://www.cisa.gov/news/2022/09/13/cisa-hosts-fourth-cybersecurity-advisory-committee-provide-updates-and>

 

Measuring DNS Abuse: Our First Report

In May 2022, we wrote about kicking off our work to measure DNS Abuse. We’re proud to announce today that we have launched our first report and gone live with our measurement initiative: DNSAI Intelligence.

< <https://dnsabuseinstitute.org/measuring-dns-abuse-our-first-report/> https://dnsabuseinstitute.org/measuring-dns-abuse-our-first-report/>

 

**********************

INTERNET OF THINGS

**********************

EU wants to toughen cybersecurity rules for smart devices

The European Union’s executive arm proposed new legislation Thursday that would force manufacturers to ensure that devices connected to the internet meet cybersecurity standards, making the 27-nation bloc less vulnerable to attacks.

< <https://apnews.com/article/technology-european-union-commission-f981003838097a36ff90fc66afeb2d63> https://apnews.com/article/technology-european-union-commission-f981003838097a36ff90fc66afeb2d63>

 

EU proposes rules targeting cybersecurity risks of smart devices

>From laptops to fridges to mobile apps, smart devices connected to the internet will have to be assessed for their cybersecurity risks under draft European Union rules announced on Thursday, amid concerns about a spate of cyber attacks.

< <https://www.reuters.com/technology/eu-proposes-rules-targeting-smart-devices-with-cybersecurity-risks-2022-09-15/> https://www.reuters.com/technology/eu-proposes-rules-targeting-smart-devices-with-cybersecurity-risks-2022-09-15/>

 

State of the Union: New EU cybersecurity rules ensure more secure hardware and software products

Today, the Commission has presented a proposal for a new Cyber Resilience Act to protect consumers and businesses from products with inadequate security features. A first ever EU-wide legislation of its kind, it introduces mandatory cybersecurity requirements for products with digital elements, throughout their whole lifecycle.

< <https://ec.europa.eu/commission/presscorner/detail/en/ip_22_5374> https://ec.europa.eu/commission/presscorner/detail/en/ip_22_5374>

 

State of the Union: EU Cyber Resilience Act - Questions & Answers

What is the new EU Cyber Resilience Act? The Cyber Resilience Act is a first ever EU-wide legislation of its kind: it introduces common cybersecurity rules for manufacturers and developers of products with digital elements, covering both hardware and software. It will ensure that wired and wireless products that are connected to the internet and software placed on the EU market are more secure and that manufacturers remain responsible for cybersecurity throughout a product's life cycle. It will also allow the customers of these products to be properly informed about the cybersecurity of the products they buy and use.

< <https://ec.europa.eu/commission/presscorner/detail/en/qanda_22_5375> https://ec.europa.eu/commission/presscorner/detail/en/qanda_22_5375>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

QUIC协议使用观察 [QUIC protocol usage observation]

快速UDP互联网连接（QUIC）是一种网络协议，最初由谷歌公司开发和部署，最近（2021年5月）在互联网工程任务组（IETF）中被标准化（标准文档RFC9000）。

< <https://www.edu.cn/xxh/zt/tj/202209/t20220916_2246108.shtml> https://www.edu.cn/xxh/zt/tj/202209/t20220916_2246108.shtml>

 

**********************

OTHERWISE NOTEWORTHY

**********************

The future is still IPv6

During the Internet Society Singapore Chapter’s IPv6 Launch Anniversary in 2013, then Vice-Chairman of the Singapore IPv6 Forum Sanjeev Gupta notably remarked that “The future is IPv6” and “… as migrants to that future, we might as well get ahead of the curve and integrate.” At the time, only marginal gains were being made. So, how is Singapore’s IPv6 capability nearly a decade later?

< <https://blog.apnic.net/2022/09/15/the-future-is-still-ipv6/> https://blog.apnic.net/2022/09/15/the-future-is-still-ipv6/>

 

What will the internet of the future look like?

Companies worldwide are working on the next generation of the internet. The "metaverse" or "web3" could overhaul the web as we know it. But how do you avoid repeating the mistakes of today's internet?

< <https://www.dw.com/en/what-will-the-internet-of-the-future-look-like/a-63158651> https://www.dw.com/en/what-will-the-internet-of-the-future-look-like/a-63158651>

< <https://www.msn.com/en-us/news/technology/what-will-the-internet-of-the-future-look-like/ar-AA11XvTm> https://www.msn.com/en-us/news/technology/what-will-the-internet-of-the-future-look-like/ar-AA11XvTm>

 

When a bridge becomes a wall: What is the language of the Internet?

The internet is not a great equaliser. The infrastructure gap is well-documented: the International Telecommunication Union (ITU) has quantified the “‘grand canyon’ separating the digitally empowered from the digitally excluded”. Despite double-digit growth in internet adoption in 2020–21, particularly in Asia and Africa, connectivity in the least developed countries stands at 27 percent. Of the 2.9 billion people without access to broadband internet, 96 percent live in the developing world.

< <https://www.orfonline.org/expert-speak/when-a-bridge-becomes-a-wall/> https://www.orfonline.org/expert-speak/when-a-bridge-becomes-a-wall/>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home