[Newsclips] IETF SYN-ACK Newspack 2023-02-13

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Report – A Guide to the IETF for Public Interest Advocates

The internet today is shaped by standards and protocols that technical communities and regulatory bodies develop and implement. A key purpose of internet standardisation is to ensure interoperability across a heterogeneous network of networks.

< <https://cdt.org/insights/report-a-guide-to-the-internet-engineering-task-force-ietf-for-public-interest-advocates/> https://cdt.org/insights/report-a-guide-to-the-internet-engineering-task-force-ietf-for-public-interest-advocates/>

 

Hal Lubsen, Industry Leader and Former CEO of Afilias, Has Passed Away

Hal Lubsen, former CEO of Afilias, passed away peacefully on February 7, 2023. ... Known for his strategic thinking and innovative approach to solving complex problems, Hal promoted Afilias’ strong advocacy and involvement in the Internet space and built a culture of doing the right thing for the future of the Internet. Members of his management team and his Board made active and long-lasting contributions to ICANN, the coordinator of domain names worldwide; to ISOC, the non-profit focused on an open internet; to the IETF, the internet standards making body; to PIR, the steward of .org; to SSAC, the security and stability committee; and to the IGF, the United Nations’ Internet Governance Forum. Afilias became known for its long-term focus, its ethics, and its strong commitment to public service.

< <https://circleid.com/posts/20230209-hal-lubsen-industry-leader-and-former-ceo-of-afilias-has-passed-away> https://circleid.com/posts/20230209-hal-lubsen-industry-leader-and-former-ceo-of-afilias-has-passed-away>

 

Importance of Standards to National Security

Standards are many, and they have value. You know that. We’ll talk more about their definition and variety in just a moment, but we begin this discussion in an engineering frame of mind: problem statement first, solution second. The general problem statement for technological standards is how to avoid the power imbalance of a single source for essential goods and services; in other words, standards are a line of defense against concentration risk. Interoperability is the goal, and multiple suppliers is the proof. By contrast, an absence of standards devolves into a winner-take-all hegemony if the tech in question is massed or has network effects. Threading that needle is hard but essential. So, we want standards, full stop. The problem is particularly acute where those standards affect national security operations—who writes the standards matters. ... Another American value-embedding episode was the ultimate refusal of the IETF to specify encryption methods in internet protocols that would have given governments unique, privileged access to the contents of otherwise encrypted communications. The IETF refused to embed those standards. Had the internet world had then a different IETF, one dominated by experts from authoritarian-leaning nations, a different set of values would have become an undodgeable part of the internet.

< <https://www.lawfareblog.com/importance-standards-national-security> https://www.lawfareblog.com/importance-standards-national-security>

 

IAB 2023-2024 Appointments Announced by NomCom

On 9 February 2023, the NomCom the announced the selection of the IAB slate whose terms will start at IETF 116 in March 2023.

< <https://www.iab.org/2023/02/09/iab-2023-2024-appointments-announced-by-nomcom/> https://www.iab.org/2023/02/09/iab-2023-2024-appointments-announced-by-nomcom/>

 

IPv6 adoption and the challenges of IPv6-only iterative resolvers

As the deployment of IPv6 networks continues to grow, one challenge that has emerged is that some DNS zones are only served by IPv4-only authoritative servers. This can cause problems for IPv6-only iterative resolvers that do not have access to an IPv4 network, resulting in the inability to resolve all DNS zones. ... We have submitted an Informational Internet Draft documenting this proposal for an IPv6-only iterative resolver utilizing NAT64. We have presented the draft to the IETF 115 v6ops Working Group and received positive feedback on the mailing list. There are also implementations of an IPv6-only iterative resolver using NAT64 on both BIND and Unbound. However, these are currently in Pull Request (PR) form and have yet to be merged into the mainline.

< <https://blog.apnic.net/2023/02/09/ipv6-adoption-and-the-challenges-of-ipv6-only-iterative-resolvers/> https://blog.apnic.net/2023/02/09/ipv6-adoption-and-the-challenges-of-ipv6-only-iterative-resolvers/>

 

Will IPv6 replace IPv4?

The disadvantage that the complete depletion of IPv4 addresses brought and will bring is not being spoken about as much as you would think. Every device that can connect to the internet, needs an IPv4 address to do so. This means that any new device that is made to connect to the internet, won’t be able to as IPv4 addresses have all run out. Because of this issue, the IETF developed IPv6.

< <https://whoswho.co.za/2023/02/will-ipv6-replace-ipv4/> https://whoswho.co.za/2023/02/will-ipv6-replace-ipv4/>

 

The Benefits of RPKI Signed Checklists

The Resource Public Key Infrastructure (RPKI) is a system that supports routing security through the use of X.509 certificates and cryptographically-signed objects. ... Because the files/documents in an RSC are up to the resource holder, it’s possible to use RSCs as a container for new, customized RPKI applications without having to take the associated specification through the IETF RFC standardization process.

< <https://www.manrs.org/2023/02/the-benefits-of-rpki-signed-checklists/> https://www.manrs.org/2023/02/the-benefits-of-rpki-signed-checklists/>

 

The Root Zone of the DNS Revisited

The DNS is a remarkably simple system. You send it queries and you get back answers. Within the system you see exactly the same simplicity: The DNS resolver that receives your query may not know the answer, so it, in turn, will send queries deeper into the system and collects the answers. The query/response process is the same, applied recursively. Simple. ... The IETF published RFC 8976, the specification of a message digest record for DNS zones, in February 2021. This RFC defines the ZONEMD record.

< <https://www.potaroo.net/ispcol/2023-02/rootzone.html> https://www.potaroo.net/ispcol/2023-02/rootzone.html>

< <https://blog.apnic.net/2023/02/08/the-root-of-the-dns-revisited/> https://blog.apnic.net/2023/02/08/the-root-of-the-dns-revisited/>

 

Migration to quantum-resistant algorithms in mobile networks

The risk that large and robust quantum computers may be built in a few decades urges us to plan for the migration of our ICT systems to quantum-resistant cryptography. Future 5G releases will initiate this migration and make 6G fully quantum-resistant from the start. Here, we take a detailed look at what such a migration will look like and share insights into recent progress. ... NIST’s algorithm usage is implemented primarily through its incorporation in IETF protocols, and only few ICT systems implement them directly. IETF has been following NIST’s work closely and is preparing to include the NIST standardized QR algorithms in all important security protocols.

< <https://www.ericsson.com/en/blog/2023/2/quantum-resistant-algorithms-mobile-networks> https://www.ericsson.com/en/blog/2023/2/quantum-resistant-algorithms-mobile-networks>

 

An easy guide to understanding modern composable commerce stacks

... It’s also important to make sure that the stack isn’t overly complicated and that it follows best practices. To ensure that businesses are implementing strong security controls, the IETF recently approved the Internet-scale Security Assured (ISA) Working Group. This working group helps businesses implement strong security controls on their stack.

< <https://bmmagazine.co.uk/business/an-easy-guide-to-understanding-modern-composable-commerce-stacks/> https://bmmagazine.co.uk/business/an-easy-guide-to-understanding-modern-composable-commerce-stacks/>

 

Voici les détails sur le portefeuille numérique européen. Les Tchèques pourraient être l’un des premiers à le voir [Here are the details about the European digital wallet. The Czechs could be one of the first to see it]

... “La bonne nouvelle est que, sur le plan technologique, le portefeuille s’appuiera principalement sur les normes ouvertes des ateliers OpenID Foundation, W3C et IETF”, a ajouté Talíř.

< <https://www.nouvelles-du-monde.com/voici-les-details-sur-le-portefeuille-numerique-europeen-les-tcheques-pourraient-etre-lun-des-premiers-a-le-voir/> https://www.nouvelles-du-monde.com/voici-les-details-sur-le-portefeuille-numerique-europeen-les-tcheques-pourraient-etre-lun-des-premiers-a-le-voir/>

 

Jonas Birgersson skapar en öppen standard för energidelning, EP [Jonas Birgersson creates an open standard for energy sharing, EP]

... Det är ett gräsrotsinitiativ som ser till att internet fungerar. IETF underhåller och utvecklar standarden som förbinder oss alla, Internet Protocol, IP. Världens största standard med bred marginal.

< <https://www.warpnews.se/energi/jonas-birgersson-skapar-en-oppen-standard-for-energidelning/> https://www.warpnews.se/energi/jonas-birgersson-skapar-en-oppen-standard-for-energidelning/>

 

《流浪地球2》的现实倒影（二）：从IPv6到根服务器 [Realistic Reflection of "Wandering Earth 2" (2): From IPv6 to Root Server]

... 清晰的路：下一代互联网: 2016年，互联网数字分配机构（IANA）就向国际互联网工程任务组（IETF）提出建议，新制定的国际互联网标准只支持IPv6，不再兼容IPv4。

< <https://fiber.ofweek.com/2023-02/ART-210001-8440-30586527.html> https://fiber.ofweek.com/2023-02/ART-210001-8440-30586527.html>

 

IP-адрес – что это такое простыми словами и для чего нужны интернет-протоколы [IP-address – what it is in simple words and why Internet protocols are needed]

... Инженерный совет интернета (IETF), который разрабатывает магистральные технологии интернета, разработал новый протокол IPv6, около десяти лет назад. Его потенциальный пул – 340 ундециллион адресов — за числом 340, следуют 36 нулей. Это означает, что мы (теоретически) никогда не исчерпаем все IP-адреса.

< <https://tehnobzor.ru/stati/ip-adres-chto-eto-takoe/> https://tehnobzor.ru/stati/ip-adres-chto-eto-takoe/>

 

**********************

SECURITY & PRIVACY

**********************

Check Point 2023 Security Report: Cyberattacks reach an all-time high in response to geo-political conflict, and the rise of ‘disruption and destruction’ malware

The 2023 Security Report is reflecting on a chaotic year in cybersecurity. The report looks back on a tumultuous 2022, which saw cyberattacks reach an all-time high in response to the Russo-Ukrainian war. Education and Research remains the most targeted sector, but attacks on the healthcare sector registered a 74% increase year-on-year.

< <https://blog.checkpoint.com/2023/02/08/check-point-2023-security-report-cyberattacks-reach-an-all-time-high-in-response-to-geo-political-conflict-and-the-rise-of-disruption-and-destruction-malware/> https://blog.checkpoint.com/2023/02/08/check-point-2023-security-report-cyberattacks-reach-an-all-time-high-in-response-to-geo-political-conflict-and-the-rise-of-disruption-and-destruction-malware/>

 

How Cybersecurity Standards Support the Evolving EU Legislative Landscape

The European Union Agency for Cybersecurity (ENISA) joined forced with the European Standards Organisations (ESOs), CEN, CENELEC and ETSI, to organise their 7th annual conference. The hybrid conference focused on "European Standardisation in support of the EU cybersecurity legislation".

< <https://www.enisa.europa.eu/news/how-cybersecurity-standards-support-the-evolving-eu-legislative-landscape> https://www.enisa.europa.eu/news/how-cybersecurity-standards-support-the-evolving-eu-legislative-landscape>

 

Quad Joint Statement on Cooperation to Promote Responsible Cyber Habits

We the Quad partners of Australia, India, Japan, and the United States are launching a public campaign to improve cyber security across our nations: the Quad Cyber Challenge. We are inviting Internet-users across the Indo-Pacific and beyond to join the Challenge and pledge to practice safe and responsible cyber habits. The Challenge reflects our continuing Quad efforts to strengthen individuals’ and communities’ cyber security awareness and action, as well as to foster a more secure and resilient cyber ecosystem to benefit economies and users everywhere.

< <https://www.whitehouse.gov/briefing-room/statements-releases/2023/02/07/quad-joint-statement-on-cooperation-to-promote-responsible-cyber-habits/> https://www.whitehouse.gov/briefing-room/statements-releases/2023/02/07/quad-joint-statement-on-cooperation-to-promote-responsible-cyber-habits/>

 

Cyberspace and Instability: Reconceptualizing Instability

Lawfare Founding Editor Robert Chesney has a new edited collection, “Cyberspace and Instability,” published by Edinburgh University Press with co-editors James Shires and Max Smeets. Across four sections on escalation, institutions, infrastructure, and subaltern perspectives, the volume includes contributions from more than a dozen scholars, and examines escalatory risk in cyberspace, the role of alliances in the cyber domain, cyberspace’s impact on the stability of the global rules-based-order, and more. As actors across the world increasingly prioritize cyber stability as a policy goal, the volume evaluates definitions and meanings of cyber stability from both classical and critical perspectives.

< <https://www.lawfareblog.com/cyberspace-and-instability-reconceptualizing-instability> https://www.lawfareblog.com/cyberspace-and-instability-reconceptualizing-instability>

 

Security by diversity: The business of security through diversity

With information security such a complex and fast-moving field, how can companies gather enough information to make informed decisions about what is right for their networks? What criteria should you look for, how do you evaluate systems, and how can you determine which methods will scale most effectively?

< <https://blog.apnic.net/2023/02/06/security-by-diversity-the-business-of-security-through-diversity/> https://blog.apnic.net/2023/02/06/security-by-diversity-the-business-of-security-through-diversity/>

 

us: Cybersecurity High-Risk Series: Challenges in Protecting Cyber Critical Infrastructure

Federal systems are vulnerable to cyberattacks. Our High Risk report identified 10 critical actions for addressing federal cybersecurity challenges. In this report, the third in a series of four, we cover the action related to protecting cyber critical infrastructure—specifically, strengthening the federal role in cybersecurity for critical infrastructure. For example, the Department of Energy needs to address cybersecurity risks to the U.S. power grid.

< <https://www.gao.gov/products/gao-23-106441> https://www.gao.gov/products/gao-23-106441>

 

**********************

INTERNET OF THINGS

**********************

Realising the power of the Internet of Things

Paul Vaclik, Head of R&D and Architecture at Nomad Digital, shares his thoughts on the value of the Internet of Things for public transport and its passengers, and considers what the future of IoT and improved connectivity may look like.

< <https://www.intelligenttransport.com/transport-articles/143607/realising-the-power-of-the-internet-of-things/> https://www.intelligenttransport.com/transport-articles/143607/realising-the-power-of-the-internet-of-things/>

 

Building the backbone for innovation, speed and thriving humanity

>From AI-powered platforms that can detect abnormal activities in supermarkets, to edge servers helping preserve biodiversity in remote locations, today’s technologies drive innovation in ways never before imaginable. “Innovation serves the purpose of making our life better, our work more productive, and our planet more sustainable,” says Yuanqing Yang, CEO and chairman of Lenovo.

< <https://www.technologyreview.com/2023/02/08/1067126/building-the-backbone-for-innovation-speed-and-thriving-humanity/> https://www.technologyreview.com/2023/02/08/1067126/building-the-backbone-for-innovation-speed-and-thriving-humanity/>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Evolving 3GPP standards set roadmap for lawful intelligence

The evolution of telecommunication industry standards has been marked by a steady and methodical progression of revision and refinement. The gradual nature of standards development (generally 1.5 to 2 years between 3GPP Releases) makes it a useful strategic narrative for both communication service providers (CSPs) and law enforcement agencies (LEAs). For example, network slicing support was specified in 2018 within 3GPP Release 15, which was also the Phase 1 of 5G specification.

< <https://www.mobileeurope.co.uk/evolving-3gpp-standards-set-roadmap-for-lawful-intelligence/> https://www.mobileeurope.co.uk/evolving-3gpp-standards-set-roadmap-for-lawful-intelligence/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

in: Willing to partner IEEE to make telecom products more standardized: Telecom secy

Telecom secretary K Rajaraman said the government is willing to join hands with the Institute of Electrical and Electronics Engineers (IEEE) to make telecom products more standardized, secure, affordable, user-friendly and all-encompassing.

< <https://www.livemint.com/industry/telecom/willing-to-partner-ieee-to-make-telecom-products-more-standardized-telecom-secy-11675845968771.html> https://www.livemint.com/industry/telecom/willing-to-partner-ieee-to-make-telecom-products-more-standardized-telecom-secy-11675845968771.html>

 

The EU’s Approach to AI Standards Is Protectionist and Will Undermine Its AI Ambitions

The EU’s proposed Artificial Intelligence Act (AIA) will oblige companies to comply with yet-to-be-developed technical standards in order to demonstrate they meet the essential requirements of the bill. However, the EU’s plan for establishing these standards is too rushed, excludes global experts, and has unrealistic goals. Unless the EU remedies these issues, the AI Act’s forthcoming standards will undermine AI uptake in the bloc and its goal of ensuring safe AI.

< <https://datainnovation.org/2023/02/the-eus-approach-to-ai-standards-is-protectionist-and-will-undermine-its-ai-ambitions/> https://datainnovation.org/2023/02/the-eus-approach-to-ai-standards-is-protectionist-and-will-undermine-its-ai-ambitions/>

 

ETSI Adopts Software-Centric Standardization Approach

The European Telecommunications Standards Institute (ETSI) unveiled Software Development Groups (SDGs) as a way to improve the standardization process through early, collaborative, software-defined testing and validation.

< <https://www.sdxcentral.com/articles/news/etsi-adopts-software-centric-standardization-approach/2023/02/> https://www.sdxcentral.com/articles/news/etsi-adopts-software-centric-standardization-approach/2023/02/>

 

The IPv4 Price Inversion

A curious price inversion has occurred in IPv4 markets. The long-term trend that discounted large blocks has reversed. The graph identifies /15 and /16 (large) block pricing per IP address throughout the period in the form of dark spots. It is evident that, for most of the timeframe here (2014 to the first half of 2021), large blocks sold at a significant discount. One might guess that the administrative chores related to large-network needs were most efficiently and cheaply satisfied with large blocks.

< <https://circleid.com/posts/20230207-the-ipv4-price-inversion> https://circleid.com/posts/20230207-the-ipv4-price-inversion>

 

What to expect from the GSMA Ministerial Programme 2023

The GSMA Ministerial Programme, taking place from 27 February to 1 March, is the centre of the policy debate at MWC Barcelona. Over the three days, the agenda will explore today’s priority themes, such as consumer privacy in the metaverse and data-powered humanitarian impact. Delegates will also delve into issues of network investment, 5G expansion, digital inclusion, spectrum policy and regulating the data economy.

< <https://www.gsma.com/publicpolicy/what-to-expect-from-the-gsma-ministerial-programme-2023> https://www.gsma.com/publicpolicy/what-to-expect-from-the-gsma-ministerial-programme-2023>

 

The Year Ahead in Digital Policy: Regulating the Metaverse

The metaverse creates an immersive space for interactions that were previously only physical or only digital. This will disrupt how people live, work and socialise, making the metaverse key to the next wave of digital transformation. Industry players and investors are jumping on the bandwagon, looking for new use cases and monetisation opportunities.

< <https://www.gsma.com/publicpolicy/the-year-ahead-in-digital-policy-regulating-the-metaverse> https://www.gsma.com/publicpolicy/the-year-ahead-in-digital-policy-regulating-the-metaverse>

 

Solidarity not solutionism: Wayfinding just paths for digital infrastructure that serves the planet

On 25 January, the European Digital Rights initiative (EDRi) hosted Privacy Camp 2023, which brought together digital rights advocates and technologists with a call to explore the critical infrastructure of digital technologies, and how they feed into and foster the multiple crises we inhabit.

< <https://www.apc.org/en/news/solidarity-not-solutionism-wayfinding-just-paths-digital-infrastructure-serves-planet> https://www.apc.org/en/news/solidarity-not-solutionism-wayfinding-just-paths-digital-infrastructure-serves-planet>

 

Ten Principles for Regulation That Does Not Harm AI Innovation

Artificial intelligence (AI) has the potential to create many significant economic and social benefits. However, concerns about the technology have prompted policymakers to propose a variety of laws and regulations to create “responsible AI.” Unfortunately, many proposals would likely harm AI innovation because few have considered what “responsible regulation of AI” entails. This report offers ten principles to guide policymakers in crafting and evaluating regulatory proposals for AI that do not harm innovation.

< <https://datainnovation.org/2023/02/ten-principles-for-regulation-that-does-not-harm-ai-innovation/> https://datainnovation.org/2023/02/ten-principles-for-regulation-that-does-not-harm-ai-innovation/>

 

Towards a systematic user-based approach for studying Internet outages

As Internet access becomes increasingly recognized as a universal human right, it becomes increasingly important to ensure that users have reliable and effective access. However, it is surprisingly hard today for Internet users to voice their complaints in a well-defined and structural way when this right is not adequately satisfied. This limitation has led to the conventional approach of studying Internet outages remotely by analysing network signals originating from the areas of interest.

< <https://blog.apnic.net/2023/02/10/towards-a-systematic-user-based-approach-for-studying-internet-outages/> https://blog.apnic.net/2023/02/10/towards-a-systematic-user-based-approach-for-studying-internet-outages/>

 

Engineering Change on a Global Scale

Professor Henry Louie receives award in recognition of his considerable contributions in electrical and computer engineering in projects rooted in humanitarianism.

< <https://www.seattleu.edu/newsroom/stories/2023/engineering-change-on-a-global-scale.html> https://www.seattleu.edu/newsroom/stories/2023/engineering-change-on-a-global-scale.html>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home