[Newsclips] IETF SYN-ACK Newspack 2021-09-06

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

 

**********************

IETF IN THE NEWS

**********************

TLS with DANE by Geoff Huston

Am I talking to you? In a networked world that’s an important question. For example, where I’m located, when I look up the DNS name google.com I get the IPv6 address 2404:6800:4006:813::2004. This implies that when I send an IPv6 packet to this destination address I will reach a Google-operated server. Right? Well, most of the time that’s probably a reasonable assumption but it’s not always true. A packet’s adventure through the Internet is well beyond my direct control and I have no idea if my packet might be captured and sent elsewhere, accidently, or maliciously. This risk is true for every online service. ... RFC 9102 - TLS DNSSEC Chain Extension: This is a document that was originally posted as an individual Internet Draft in 2015 that was submitted to the IETF’s TLS Working Group, and adopted as a Working Group draft a year later. However, progress within the TLS Working Group appeared to grind to a halt in 2018, after 7 revisions of this working draft. The document was then further developed over the ensuing three years and published via the RFC’s Independent Submission process as an experimental specification, RFC9102.

< <https://www.potaroo.net/ispcol/2021-08/rfc9102.html> https://www.potaroo.net/ispcol/2021-08/rfc9102.html>

< <https://blog.apnic.net/2021/08/31/tls-with-dane/> https://blog.apnic.net/2021/08/31/tls-with-dane/>

 

Norwegian student tracks Bluetooth headset wearers by wardriving around Oslo on a bicycle

A Norwegian student who went wardriving around Oslo on a pushbike has discovered that several popular models of Bluetooth headphones don't implement MAC address randomisation – meaning they can be used to track their wearers. ... Back in 2014 the IETF vowed to toughen its protocols to prevent trivially easy spying of the type uncovered by NSA whistleblower Snowden. The following year MAC address randomisation emerged as one of the concrete wins from that effort.

< <https://www.theregister.com/2021/09/04/bluetooth_headphones_tracking_oslo/> https://www.theregister.com/2021/09/04/bluetooth_headphones_tracking_oslo/>

 

The new era of email authentication: Security protects more than physical spaces, expanding to protect domains within the virtual world

... As the standards shaping email’s future continue honing the focus on email authentication and sender-based email security, DMARC has become increasingly more valuable for combating fraudulent emails designed to compromise an organization’s security, damage its reputation or steal valuable information. Now we’re working on DMARC 2.0 with the IETF, extending its benefits to other intractable problems in the email space.

< <https://www.securityinfowatch.com/cybersecurity/information-security/managed-network-security/article/21236424/the-new-era-of-email-authentication> https://www.securityinfowatch.com/cybersecurity/information-security/managed-network-security/article/21236424/the-new-era-of-email-authentication>

 

Everything you need to know about BIMI and validated mark certificates, how they increase brand trust, and which companies have adopted them

... The BIMI standard was created as an open, vendor-neutral standard by several large players in the email market including Google, Verizon Media (including Yahoo, AOL and Netscape) and Fastmail. The AuthIndicators Working Group was formed to develop and support an IETF standard. Support for BIMI among mailbox providers is growing and can be tracked on the AuthIndicators’ site. Google’s announcement in July 2021 that Gmail will support BIMI is sure to spur on other providers. Notably absent from current BIMI supporting providers are Microsoft’s Outlook and Office 365.

< <https://www.worldtrademarkreview.com/brand-management/everything-you-need-know-about-bimi-and-validated-mark-certificates-how-they-heighten-brand-trust-and-how-companies-have-adopted-them> https://www.worldtrademarkreview.com/brand-management/everything-you-need-know-about-bimi-and-validated-mark-certificates-how-they-heighten-brand-trust-and-how-companies-have-adopted-them>

 

IPv6+ Accelerates Carriers' Target Network Development in Asia Pacific [source: Huawei]

The Asia Pacific Target Network Conference themed "Consolidate Elastic Target Network, Unlocking New Digital Value" concluded online on Friday. Around 500 professionals from government agencies, standards organizations, enterprises, carriers, and industry mainstream vendors attended this conference hosted by Huawei. At this conference, Huawei worked with leading regional operators such as PLDT, Telkom Indonesia, Globe and CMI etc., to discuss the intelligent target network architecture and highlight the value of the transport network. ... ETSI ISG IPE Chairman Latif Ladid and IETF IAB member Robin Li delivered keynote speeches focusing on the global IPv6 development trend, IPv6 technological innovation system, IPE industry alliance and the latest progress of IPv6+ standards.

< <https://finance.yahoo.com/news/ipv6-accelerates-carriers-target-network-003900644.html> https://finance.yahoo.com/news/ipv6-accelerates-carriers-target-network-003900644.html>

 

Deepening O-RAN Alliance crisis stokes fear of global technology split

Ericsson has joined its Nordic competitor to voice concern over the presence of American sanction targets in the OpenRAN industry group, casting further doubt over the future of the lauded technology. ... However, the general licence does not help O-RAN Alliance’s case, or put Nokia and Ericsson at ease, because it was both temporary (valid from May 20, 2019 to August 19, 2019) and specific (only applied to engagement with Huawei and its affiliates, none of which are members of the Alliance). Probably more problematic is that, unlike IEEE, IETF, ISO, ITU, ETSI, 3GPP, TIA, and even GSMA, which were listed as exemptions on the general licence, the O-RAN Alliance isn’t recognised as one of the international standards bodies.

< <https://telecoms.com/511165/deepening-o-ran-alliance-crisis-stokes-fear-of-global-technology-split/> https://telecoms.com/511165/deepening-o-ran-alliance-crisis-stokes-fear-of-global-technology-split/>

 

What’s it like to charge an EV on a 1,725-km road trip from Vancouver to Regina? Tim Bray has some notes to share

... Speaking as an internet guy, I think it would be useful for the IETF or one of the other standards bodies to find a protocol whereby charging stations could broadcast their current status — how many are working, what chargers are actually available and so on — and then you could imagine that being built into lots of apps, including lots of cars, it would be part of the car software so that the car would just know. It would be nice if we could take a decentralized approach to that.

< <https://electricautonomy.ca/2021/08/30/tim-bray-vancouver-regina-1725km-ev-trip/> https://electricautonomy.ca/2021/08/30/tim-bray-vancouver-regina-1725km-ev-trip/>

 

Neuer ETSI-Standard zur Meldung von Sicherheitslücken [New ETSI standard for reporting security vulnerabilities]

... Auf diese beiden ISO-Standards beruft sich die ETSI-Spezifikation ebenso wie auf eine Handvoll von Publikationen der IETF, der Sicherheitsorganisation FIRST, des US-Forschungsinstituts MITRE und des „National Institute of Standards and Technology“ (NIST) der USA. Vorausgesetzt wird in diesem Guide des Technischen Komitees TC Cyber im ETSI nur sehr wenig. Einleitend werden sogar einfachste Begriffe wie „Exploit“ oder „Payload“ erklärt und in dieser Tonart geht es auch weiter. Dieser ETSI-Entwurf formalisiert eine Konvention zur Einmeldung von Sicherheitslücken, die von den Großkonzernen längst praktiziert werden und die ist in etwa wie folgt:

< <https://fm4.orf.at/stories/3017650/> https://fm4.orf.at/stories/3017650/>

 

Ransomware-Schutz mit Multi-Faktor-Authentifizierung verbessern [Improve ransomware protection with multi-factor authentication]

... TOTP ist ein weithin akzeptierter und weitgehend mit MFA integrierter Algorithmus, der auf RFC-6238 der IETF basiert. Aufgrund der verbesserten Sicherheitsmerkmale, wie z. B. dem verkürzten Ablauf des Passcodes, der typischerweise zwischen 30 und 90 Sekunden beträgt, wird TOTP häufig eingesetzt.

< <https://www.infopoint-security.de/ransomware-schutz-mit-multi-faktor-authentifizierung-verbessern/a28568/> https://www.infopoint-security.de/ransomware-schutz-mit-multi-faktor-authentifizierung-verbessern/a28568/>

 

NFON: non c'è comunicazione senza produttività [NFON: there is no communication without productivity]

... In questa fase del mercato il filone della videoconferenza è il più gettonato, per questo NFON ha deciso di acquisire una partecipazione in Meetecho, società italiana spinoff della Università Federico II di Napoli che ha sviluppato Janus, uno dei server WebRTC più popolari al mondo. "Meetecho è una piccola struttura di sviluppatori tecnologici che hanno creato un oggetto reputato molto interessante da un gran numero di imprese nel mondo, anche particolarmente grandi", spiega Marco Pasculli. Il riferimento è a nomi come Alibaba Cloud, Microsoft, Slack o Twitter. O come l'IETF, che usa Janus per i suoi tanti eventi globali in streaming.

< <https://www.impresacity.it/news/25772/nfon-non-c-e-comunicazione-senza-produttivita.html> https://www.impresacity.it/news/25772/nfon-non-c-e-comunicazione-senza-produttivita.html>

 

Etika Digital yang Patut Terus Dilestarikan [Digital Ethics That Should Continue to Be Preserved]

... Jadi dalam berkomunikasi di internet itu ada etikanya atau disebut juga dengan etiket standarisasi netiket ditetapkan IETF. Sebuah komunitas masyarakat internasional yang terdiri dari para perancang jaringan operator penjual dan peneliti yang terkait dengan evolusi arsitektur dan pengoperasian internet.

< <https://cakrawala.co/etika-digital-yang-patut-terus-dilestarikan/> https://cakrawala.co/etika-digital-yang-patut-terus-dilestarikan/>

 

IETF与互联网标准制定的底层逻辑，兼评邱实、牟承晋自欺欺人的“高级黑” [The underlying logic of IETF and Internet standard formulation, and also comment on Qiu Shi and Mou Chengjin’s self-deceiving "advanced black"]

近日，邱实、牟承晋援引APNIC（亚太地区网络信息中心）官方微博上发表的英国计算机科学家乔治˙迈克尔森（George Michaelson）署名文章《IETF不是互联网标准的“警察”》，称“理解IETF及其RFC，有助于避免被沽名钓誉且经久不衰的‘胡言乱语’所误导，有必要认清自诩的所谓'引领相关IETF国际标准制定'更是无稽之谈且自欺欺人的胡说八道”。笔者惊讶于邱实和牟承晋的观点，特撰文详细科普一下互联网工程任务组IETF与互联网标准制定中的一些基本常识，以帮助读者了解真相，拨乱返正。

< <https://www.edu.cn/xxh/zt/tj/202109/t20210901_2149214.shtml> https://www.edu.cn/xxh/zt/tj/202109/t20210901_2149214.shtml>

 

IPv6开启标准化工作，独立IP未来将不再稀缺 [IPv6 starts standardization work, independent IP will no longer be scarce in the future]

... 所谓的IPv6，其实是“Internet Protocol Version 6”（互联网协议第6版）的缩写，是互联网工程任务组（IETF）为IPv4地址资源枯竭而设计的下一代IP协议。对于互联网有着一定了解的朋友想必都听说过“IP地址”，这是在互联网中定位到相应设备的核心元素，相当于是互联网世界中的门牌号。

< <https://finance.sina.com.cn/tech/2021-09-03/doc-iktzscyx2147265.shtml> https://finance.sina.com.cn/tech/2021-09-03/doc-iktzscyx2147265.shtml>

 

如何推进IPv6技术创新？ [How to promote IPv6 technological innovation?]

... 自1996年国际互联网工程任务组（IETF）制订IPv6第一批标准以来，IPv6相关RFC（一系列以编号排定的文件）已累计近千篇，且这个数字还在不断增加中。此外，我国对于国际标准的参与程度也逐渐加深，在多个标准组织主导完成的IPv6标准文稿数量增幅均保持全球第一。

< <https://www.sohu.com/a/487232704_120972774?spm=smpc.news-home.tech-digit-news.8.16305480002552FKpLOU> https://www.sohu.com/a/487232704_120972774?spm=smpc.news-home.tech-digit-news.8.16305480002552FKpLOU>

 

IPv6标准工作组在京成立 [IPv6 standards working group was established in Beijing]

... 工业和信息化部信息通信发展司司长谢存表示，IPv6标准工作组要完善标准体系。在国家标准方面，基于TC485等现有体系架构，积极推进IPv6监测评测、IPv6新技术、IPv6垂直行业应用等方面的国家标准建设，增强标准全局影响力；在行业标准方面，进一步结合新形势、新要求，加强IPv6网络、协议、设备、质量、安全等相关行业标准和团体标准的研制和推进工作；在国际标准方面，要深入参与IETF、ITU-T、ETSI等IPv6国际标准化工作，由“点”及“面”加快布局，积极推动将我国自主知识产权的标准转化为国际标准。要深化IPv6相关标准成果的推广和应用，促进IPv6端到端网络质量提升、产业发展和应用创新，构建广泛的IPv6应用生态。

< <http://it.enorth.com.cn/system/2021/09/06/051797837.shtml> http://it.enorth.com.cn/system/2021/09/06/051797837.shtml>

 

李星：“IPv6单栈”已成新阶段的关键词 [Li Xing: "IPv6 Single Stack" has become a key word in a new stage]

... 李星：溯源IPv6的诞生，它是1992年前后提出，当年年底在IETF(互联网工程任务组)形成白皮书。从1996年开始，一系列用于定义IPv6的RFC发表出来。

< <https://www.edu.cn/xxh/zhuan_jia_zhuan_lan/lx/202109/t20210901_2149222.shtml> https://www.edu.cn/xxh/zhuan_jia_zhuan_lan/lx/202109/t20210901_2149222.shtml>

 

**********************

SECURITY & PRIVACY

**********************

ETSI releases the first Group Report on Encrypted Traffic Integration, protecting end users from malicious attacks

ETSI’s Industry Specification Group on Encrypted Traffic Integration (ISG ETI) has concluded the early part of its work, by identifying problems arising from pervasive encrypted traffic in communications networks.

< <https://www.etsi.org/newsroom/press-releases/1961-etsi-releases-the-first-group-report-on-encrypted-traffic-integration-protecting-end-users-from-malicious-attacks> https://www.etsi.org/newsroom/press-releases/1961-etsi-releases-the-first-group-report-on-encrypted-traffic-integration-protecting-end-users-from-malicious-attacks>

 

5 Items to Monitor to Detect DDoS Attacks

DDoS attacks have steadily increased over the last 18 months, despite being overshadowed by malware attacks and ransomware. ... Here are five network packet types and protocols commonly abused in DDoS attacks and guidance on how best to monitor them.

< <https://www.nextgov.com/ideas/2021/08/5-items-monitor-detect-ddos-attacks/184874/> https://www.nextgov.com/ideas/2021/08/5-items-monitor-detect-ddos-attacks/184874/>

 

DDoS Attacks Hitting Victims in High-Bandwidth 'Bursts'

The number of DDoS attacks grew fourfold in the first half of 2021, with attack volume doubling, new data shows.

< <https://www.darkreading.com/threat-intelligence/ddos-attacks-hitting-victims-in-high-bandwidth-bursts-> https://www.darkreading.com/threat-intelligence/ddos-attacks-hitting-victims-in-high-bandwidth-bursts->

 

Dogged Persistence— The Name of the Game for One DDoS Attacker

With DDoS, we typically observe a moderate degree of attacker persistence. DDoS attacks are relatively easy to launch from a number of online booter services, and the availability of cryptocurrencies for payment has made it easy to remain anonymous. Attackers can try their hand at DDoS for little effort and money, and in relative safety. They give it a go, try a few things (vector, endpoint, and scale changes), and for those with effective defenses, the attacker eventually burns out.

< <https://www.akamai.com/blog/news/dogged-persistence-the-name-of-the-game-for-one-ddos-attacker> https://www.akamai.com/blog/news/dogged-persistence-the-name-of-the-game-for-one-ddos-attacker>

 

European Cybersecurity Month (ECSM) 2021: Get Involved and Register Your Event

ECSM, the EU’s annual cybersecurity advocacy campaign will kick off on 1 October 2021. The campaigns’ website opens to the public for event submissions today through the 30 September.

< <https://www.enisa.europa.eu/news/enisa-news/european-cybersecurity-month-ecsm-2021-get-involved-and-register-your-event> https://www.enisa.europa.eu/news/enisa-news/european-cybersecurity-month-ecsm-2021-get-involved-and-register-your-event>

 

ETSI releases the first Group Report on Encrypted Traffic Integration, protecting end users from malicious attacks

ETSI’s Industry Specification Group on Encrypted Traffic Integration (ISG ETI) has concluded the early part of its work, by identifying problems arising from pervasive encrypted traffic in communications networks. 

< <https://www.etsi.org/newsroom/press-releases/1961-etsi-releases-the-first-group-report-on-encrypted-traffic-integration-protecting-end-users-from-malicious-attacks> https://www.etsi.org/newsroom/press-releases/1961-etsi-releases-the-first-group-report-on-encrypted-traffic-integration-protecting-end-users-from-malicious-attacks>

 

The Future of 5GMobile Network Security

Billions of 5G devices are projected to go online over the next decade. The benefits of 5G connectivity are clear – higher bandwidth, wider coverage and low latency enabling advanced applications at lower costs than ever before.

< <https://securityboulevard.com/2021/09/the-future-of-5gmobile-network-security/> https://securityboulevard.com/2021/09/the-future-of-5gmobile-network-security/>

 

5G and Cybersecurity – A Realistic Path Forward

5G Technolgy has been increasing in popularity among the telecom companies creating it and organizations that consume wireless networks. The reasons for this are not trivial.

< <https://www.cpomagazine.com/cyber-security/5g-and-cybersecurity-a-realistic-path-forward/> https://www.cpomagazine.com/cyber-security/5g-and-cybersecurity-a-realistic-path-forward/>

 

**********************

INTERNET OF THINGS

**********************

IoT Based Smart Cart Using RFID and NodeMCU by Sumanth Kasula, Kakatiya Institute of Technology & Science, Warangal

Abstract: A creative item with societal acknowledgment is the one that will guide the solace,iaccommodation and effectiveness in regular daily existence. Acquiring and shopping at enormous shopping centres is winding up day by day action in metro urban areas. The Internet of Things (IoT) means taking all the things in the world and connecting all of them to the internet. People buy a variety of products and deposit them in the trolley.

< <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3904839> https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3904839>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

The Algorithm Series: QUIC Ways to Stream

In the beginning, there was IP. And IP begat both a beauty (TCP) and a beast (UDP). And all was good.

< <https://www.streamingmedia.com/Articles/Editorial/Featured-Articles/The-Algorithm-Series-QUIC-Ways-to-Stream-148688.aspx> https://www.streamingmedia.com/Articles/Editorial/Featured-Articles/The-Algorithm-Series-QUIC-Ways-to-Stream-148688.aspx>

 

HTTP/3で暗号化されていない通信は存在しなくなる、フィッシング対策協議会が解説 [Communication that is not encrypted with HTTP / 3 will no longer exist, explained by the Anti-Phishing Council]

フィッシング対策協議会は8月27日、通信プロトコル「QUIC」の標準化とHTTP/3によるWebサイト表示速度の更なる高速化ついて案内を行った。

< <https://www.excite.co.jp/news/article/Scannetsecurity_46216/> https://www.excite.co.jp/news/article/Scannetsecurity_46216/>

 

South Korea's Lunar Orbiter to test delay-tolerant networking

South Korea's planned lunar orbiter will test delay-tolerant networking, a protocol designed for fragile and latency-heavy networks.

< <https://www.datacenterdynamics.com/en/news/south-koreas-lunar-orbiter-to-test-delay-tolerant-networking/> https://www.datacenterdynamics.com/en/news/south-koreas-lunar-orbiter-to-test-delay-tolerant-networking/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Leonard Kleinrock Internet Pioneer by Dr. Morten Bay, USC Annenberg School of Communication

The emergence of the Internet has profoundly affected our existence and the world we live in. Rooted in the efforts of a small group of people who had a vision and performed the intense labor necessary to realize it, the Internet has grown into a technological movement born of the collaborations of its contributors. One of those essential early figures in the Internet’s history is Leonard Kleinrock. Morten Bay describes Kleinrock’s remarkable life and career as a co-creator of one of the greatest inventions in human history.

< <https://mbrjournal.com/2021/01/26/leonard-kleinrock-internet-pioneer/> https://mbrjournal.com/2021/01/26/leonard-kleinrock-internet-pioneer/>

 

AI Regulation Is Coming: How to prepare for the inevitable by François Candelon, Rodolphe Charme di Carlo, Midas De Bondt, and Theodoros Evgeniou 

For years public concern about technological risk has focused on the misuse of personal data. But as firms embed more and more artificial intelligence in products and processes, attention is shifting to the potential for bad or biased decisions by algorithms—particularly the complex, evolving kind that diagnose cancers, drive cars, or approve loans. Inevitably, many governments will feel regulation is essential to protect consumers from that risk.

< <https://hbr.org/2021/09/ai-regulation-is-coming> https://hbr.org/2021/09/ai-regulation-is-coming>

 

The Digital Economy Runs on Open Source. Here’s How to Protect It. by Hila Lifshitz-Assaf and Frank Nagle 

Free and open source software (FOSS) is essential to much of the tech we use every day — from cars to phones to planes to the cloud. While traditionally, it was developed by an army of volunteer developers and given away for free, companies are increasingly taking a more active role in its development. But as companies buy up open source companies, bring development in house, and spin off their own for-profit versions of FOSS products, they could be endangering the future of this essential software. To maintain the viability and security of FOSS, companies should: 1) have a clear policy towards open source — preferably one that encourages employees to contribute to FOSS if feasible, 2) raise their level of awareness about the FOSS that they use and stay apprised of its vulnerabilities, and 3) keep the stability of the software they use in mind, and incentivize their employee contributions to focus on both features useful to the company as well as general security and maintenance.

< <https://hbr.org/2021/09/the-digital-economy-runs-on-open-source-heres-how-to-protect-it> https://hbr.org/2021/09/the-digital-economy-runs-on-open-source-heres-how-to-protect-it>

 

7 Scholarships Exclusively for Women Studying Engineering: They are being offered by Google, IEEE, and other organizations

Employment in science, technology, engineering, and math fields is still disproportionately dominated by men, especially in engineering and math. Last year, according to a poll conducted by the U.S. Census Bureau, 27 percent of STEM jobs were held by women. The percentage is even smaller for managerial and senior-level positions. Some optimism is justified, however, as the numbers were even lower five years ago.

< <https://spectrum.ieee.org/7-scholarships-exclusively-for-women-studying-engineering> https://spectrum.ieee.org/7-scholarships-exclusively-for-women-studying-engineering>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home