[Newsclips] IETF SYN-ACK Newspack 2022-10-17

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

World Standards Day 2022: History and significance

Aiming to spread awareness about the importance of standardisation in the global economy among consumers, regulators, and industries, 14 October is celebrated as World Standards Day every year. Also known as International Standards Day, World Standards Day pays tribute to the thousands of experts across the globe who collaborated to develop voluntary technical agreements, which are published as the International Standards. The special day highlights the importance of implementing the internationally accepted technical standards, that include the capability to travel efficiently to access fresh water and cleaner energy, to ensure standard safety and security measures. World Standards Day is a collaborative initiative of the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), and the ITU. ... Honouring the contributions of organisations such as the ISO, IEC, ITU, International Ethics Standards Board for Accountants (IESBA), and the IETF, World Standards Day also felicitates the experts working with these honorary organisations. The day is dedicated to creating awareness regarding the importance of standardisation in a contemporary globalised world.

< <https://www.firstpost.com/world/world-standards-day-2022-history-and-significance-11439151.html> https://www.firstpost.com/world/world-standards-day-2022-history-and-significance-11439151.html>

 

World Standards Day 2022: Theme, History, Significance and All You Need to Know

Every year on October 14, the World Standards Day is observed. This day, also known as International Standards Day, strives to educate consumers, policymakers, and businesses about the value of standardisation. ... World Standards Day recognises the contributions of groups like the ITU, International Electrotechnical Commission (IEC), International Ethics Standards Board for Accountants (IESBA), IETF, and the ISO, as well as the professionals, who collaborate with them.

< <https://www.news18.com/news/lifestyle/world-standards-day-2022-theme-history-significance-and-all-you-need-to-know-6143641.html> https://www.news18.com/news/lifestyle/world-standards-day-2022-theme-history-significance-and-all-you-need-to-know-6143641.html>

< <https://www.msn.com/en-in/entertainment/news/world-standards-day-2022-theme-history-significance-and-all-you-need-to-know/ar-AA12WrIH> https://www.msn.com/en-in/entertainment/news/world-standards-day-2022-theme-history-significance-and-all-you-need-to-know/ar-AA12WrIH>

< <https://www.freepressjournal.in/world/world-standards-day-2022-date-history-and-all-you-need-to-know> https://www.freepressjournal.in/world/world-standards-day-2022-date-history-and-all-you-need-to-know>

< <https://www.msn.com/en-in/money/news/world-standards-day-2022-date-history-and-all-you-need-to-know/ar-AA12VnFA> https://www.msn.com/en-in/money/news/world-standards-day-2022-date-history-and-all-you-need-to-know/ar-AA12VnFA>

< <https://thefederal.com/business/world-standards-day-2022-theme-history-and-significance/> https://thefederal.com/business/world-standards-day-2022-theme-history-and-significance/>

 

IPv6 extension headers revisited

The topic of the robustness of IPv6 extension headers has experienced a resurgence of interest in recent months. I’d like to update our earlier report on this topic with some more recent measurement data. ... Earlier work was presented at the IETF 108 meeting in July 2020 by researchers from the University of Aberdeen. Their work used the Alexa top 1M and use DNS queries over IPv6 in an end-to-end traversal test. It appears that the HBH and DST options tested were a PadN option, presumably of 4 bytes in length. The HBH drop rate appeared to be of the order of 80% to 85%, while the DST drop rate was approximately 50%.

< <https://www.potaroo.net/ispcol/2022-10/v6eh.html> https://www.potaroo.net/ispcol/2022-10/v6eh.html>

< <https://blog.apnic.net/2022/10/13/ipv6-extension-headers-revisited/> https://blog.apnic.net/2022/10/13/ipv6-extension-headers-revisited/>

 

World Standards Day celebrates on 14th October

... World Standards Day recognises the contributions of groups like the ITU, International Electrotechnical Commission (IEC), International Ethics Standards Board for Accountants (IESBA), IETF, and the ISO, as well as the professionals, who collaborate with them.

< <https://currentaffairs.adda247.com/world-standards-day-celebrates-on-14th-october/> https://currentaffairs.adda247.com/world-standards-day-celebrates-on-14th-october/>

 

Most Apple apps on iOS 16 bypass VPN connections

... There definitely are VPN standards, or at least proposed standards, for VPN protocols under IETF. These are generally defined at the transport level and security authentication level bringing in IPSec standards for things like certificate exchanges.

< <https://forums.appleinsider.com/discussion/229191> https://forums.appleinsider.com/discussion/229191>

 

L’AFNIC refont son système de registre [AFNIC rebuilds its registry system]

... l’Afnic a fait le choix d’une réécriture complète de son application SRS (Shared Registry System). Après avoir évalué les solutions et les technologies du marché, l’Afnic a conçu le nouveau système d’enregistrement du .fr intégralement « made in France ». Il intègre des langages de programmation modernes, des architectures et systèmes de bases de données parfaitement conformes à l’état de l’art et scrupuleusement respectueuses des standards de l’IETF. Il constitue ainsi une brique essentielle, maîtrisée de bout en bout, de la souveraineté numérique française.

< <https://www.linformaticien.com/magazine/cloud/60158-l-afnic-refont-son-systeme-de-registre.html> https://www.linformaticien.com/magazine/cloud/60158-l-afnic-refont-son-systeme-de-registre.html>

 

Schwachstellen in RPKI: Schutz des Internet-Traffic ausgehebelt [Vulnerabilities in RPKI: Protection of Internet traffic undermined]

... Wenn Teile des Internetverkehrs fehlgeleitet werden, sorgt das für großes Aufsehen, wie etwa im März dieses Jahres, als der Verkehr für Twitter teilweise nach Russland umgelenkt wurde. Ganze Unternehmen oder Länder können so vom Internet abgeschnitten oder Internetverkehr abgefangen oder belauscht werden. Technisch betrachtet stecken hinter solchen Angriffen meist Prefix-Hijacks. Diese nutzen ein fundamentales Designproblem des Internets aus: Die Festlegung, welche IP-Adresse zu welchem Netz gehört, ist nicht abgesichert. Um zu verhindern, dass ein Netz im Internet IP-Adressblöcke beansprucht, die ihm nicht rechtmäßig gehören, hat die IETF, die für das Internet zuständige Standardisierungsorganisation, die Ressource Public Key Infrastructure (RPKI) standardisiert. RPKI nutzt digital signierte Zertifikate, die bestätigen, dass ein bestimmter IP-Adressblock tatsächlich zu dem angegebenen Netz gehört. Mittlerweile haben, nach Messungen des ATHENE-Teams, knapp 40 Prozent aller IP-Adressblöcke ein RPKI-Zertifikat, und ca. 27 Prozent aller Netze prüfen diese Zertifikate.

< <https://www.security-insider.de/schutz-des-internet-traffic-ausgehebelt-a-dc86f89cde727a253e329bc977d97b48/> https://www.security-insider.de/schutz-des-internet-traffic-ausgehebelt-a-dc86f89cde727a253e329bc977d97b48/>

 

Internet kaputt? Wichtiger Sicherheitsmechanismus RPKI ausgehebelt [Internet broken? Important RPKI security mechanism undermined]

... Damit ein Netz im Internet nicht einfach IP-Adressblöcke beansprucht, die ihm nicht gehören, hat die zuständige Standardisierungsorganisation IETF die sogenannte Resource Public Key Infrastructure (RPKI) standardisiert.

< <https://t3n.de/news/internet-kaputt-wichtiger-sicherheitsmechanismus-rkpi-ausgehebelt-1504511/> https://t3n.de/news/internet-kaputt-wichtiger-sicherheitsmechanismus-rkpi-ausgehebelt-1504511/>

 

Internet.nl kan websites nu ook testen op aanwezigheid van security.txt [Internet.nl can now also test websites for the presence of security.txt]

... Eerder dit jaar besloot de IETF van security.txt een RFC (Request for Comments) te maken. De IETF is een standaardenorganisatie die zich via discussies binnen de internet community bezighoudt met het ontwikkelen van vrijwillige internetstandaarden. Door de publicatie van RFC 9116 is security.txt nu een specificatie geworden, maar geen internetstandaard.

< <https://www.security.nl/posting/770621/Internet_nl+kan+websites+nu+ook+testen+op+aanwezigheid+van+security_txt> https://www.security.nl/posting/770621/Internet_nl+kan+websites+nu+ook+testen+op+aanwezigheid+van+security_txt>

 

Vectis IP intenta cambiar el estado de la licencia de Opus y convoca a un grupo de patentes [Vectis IP attempts to change Opus license status and convenes patent group]

... Para quienes desconocen de este codec, deben saber que hace 10 años, Opus fue estandarizado (RFC 6716) por el IETF como un códec de audio libre de regalías para aplicaciones de Internet y no interfiere con tecnologías propietarias.

< <https://www.linuxadictos.com/vectis-ip-intenta-cambiar-el-estado-de-la-licencia-de-opus-y-convoca-a-un-grupo-de-patentes.html> https://www.linuxadictos.com/vectis-ip-intenta-cambiar-el-estado-de-la-licencia-de-opus-y-convoca-a-un-grupo-de-patentes.html>

 

Papel da UIT na governança da Internet aumenta na PP-22 [ITU's role in Internet governance increases in PP-22]

... Essas entidades incluem organismos como a ICANN, que administra os recursos de nomes e domínios da camada técnica da rede – e que já não traz mais a discussão sobre a governança multissetorial da década passada. A UIT também citou entre as entidades os registros regionais de Internet (RIRs), a IETF, a Internet Society (Isoc) e o World Wide Web Consortium (W3C).

< <https://teletime.com.br/14/10/2022/papel-da-uit-na-governanca-da-internet-aumenta-na-pp-22/> https://teletime.com.br/14/10/2022/papel-da-uit-na-governanca-da-internet-aumenta-na-pp-22/>

 

Az internet biztonságáról gondoskodó alapvető mechanizmus elromlott [The basic mechanism to ensure internet security has broken down]

... Eszerint az internetes forgalom egy részének félreirányítása nagy feltűnést kelt, ahogy ez idén márciusban történt, amikor a Twitter forgalmát részben Oroszországba terelték. Egész vállalatokat vagy országokat lehet elvágni az internettől, vagy óriási léptékben lehet lehallgatni az internetes forgalmat. Technikai szempontból az ilyen támadások általában prefix eltérítéseken alapulnak. Az internet alapvető tervezési problémáját használják ki: nincs biztosítva annak meghatározása, hogy melyik IP-cím melyik hálózathoz tartozik. Annak megakadályozására, hogy az internet bármely hálózata olyan IP-címblokkokat igényelhessen magának, amelyek nincsenek jogszerűen a tulajdonában, az IETF, az internetért felelős szervezet szabványosította a Resource Public Key Infrastructure-t (RPKI).

< <https://computerworld.hu/biztonsag/az-internet-biztonsagarol-gondoskodo-alapveto-mechanizmus-elromlott-317502.html> https://computerworld.hu/biztonsag/az-internet-biztonsagarol-gondoskodo-alapveto-mechanizmus-elromlott-317502.html>

 

独特的IETF：互联网标准产生机制揭秘 [Unique IETF: Internet Standards Generation Mechanism Demystified]

中国作为世界大国和网民最多的国家，更需要积极参与IETF，培养大量互联网人才。

< <https://www.edu.cn/xxh/zt/tj/202210/t20221010_2249426.shtml> https://www.edu.cn/xxh/zt/tj/202210/t20221010_2249426.shtml>

 

**********************

SECURITY & PRIVACY

**********************

Hidden DNS resolver insecurity creates widespread website hijack risk

Hidden DNS resolvers create a means for carrying out email redirection and account takeover attacks, security researchers warn.

< <https://portswigger.net/daily-swig/hidden-dns-resolver-insecurity-creates-widespread-website-hijack-risk> https://portswigger.net/daily-swig/hidden-dns-resolver-insecurity-creates-widespread-website-hijack-risk>

 

Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style

By analyzing closed DNS resolvers on the Internet, we found numerous ISPs and hosting providers that are vulnerable to trivial Kaminsky attacks. This allows an attacker to manipulate the DNS name resolution of thousands of systems. As a consequence, e-mail redirections, account takeovers and even the compromise of entire systems may be possible. Closed DNS resolvers all across the world are affected.

< <https://sec-consult.com/blog/detail/melting-the-dns-iceberg-taking-over-your-infrastructure-kaminsky-style/> https://sec-consult.com/blog/detail/melting-the-dns-iceberg-taking-over-your-infrastructure-kaminsky-style/>

 

The computer errors from outer space

The Earth is subjected to a hail of subatomic particles from the Sun and beyond our solar system which could be the cause of glitches that afflict our phones and computers. And the risk is growing as microchip technology shrinks.

< <https://www.bbc.com/future/article/20221011-how-space-weather-causes-computer-errors> https://www.bbc.com/future/article/20221011-how-space-weather-causes-computer-errors>

 

OECD: Security of the DNS: An introduction for policy makers

The DNS underpins the very functioning of the Internet and today’s global economy. As a result, the impact of unintentional incidents as well as cyberattacks on the DNS can be significant. This report focuses on DNS security, i.e. the area of cybersecurity that covers incidents disrupting the availability, integrity and confidentiality of parts of the DNS ecosystem. It analyses the roles and vulnerabilities of actors in the DNS ecosystem, highlights common misconceptions, and discusses the role of governments in enhancing DNS security. The report notably underlines that there is no panacea for DNS security and that promising technical solutions often come with trade-offs.

< <https://www.oecd-ilibrary.org/science-and-technology/security-of-the-domain-name-system-dns_285d7875-en> https://www.oecd-ilibrary.org/science-and-technology/security-of-the-domain-name-system-dns_285d7875-en>

 

OECD: Routing security: BGP incidents, mitigation techniques and policy actions

The routing system plays a fundamental role in the operation of the Internet and its security is of critical importance to the digital security of communication networks. However, there are many examples of accidental and intentional routing disruptions and security breaches that disrupt the Internet and impact networks’ digital security. This report analyses available data to quantify the scope and scale of routing incidents occurring on the global Internet, presents some of the available security techniques to limit these incidents and considers their effectiveness. While the routing system transcends national borders, the report offers policy makers a series of concrete actions to improve routing security.

< <https://www.oecd-ilibrary.org/science-and-technology/routing-security_40be69c8-en> https://www.oecd-ilibrary.org/science-and-technology/routing-security_40be69c8-en>

 

Status of RPKI in Australia and New Zealand

The world needs a secure and resilient Internet, especially in the face of an ongoing pandemic still driving more activity and more people online. The trend makes cybersecurity a crucial issue as citizens and businesses increasingly move to exclusively digital modes.

< <https://blog.apnic.net/2022/10/14/status-of-rpki-in-australia-and-new-zealand/> https://blog.apnic.net/2022/10/14/status-of-rpki-in-australia-and-new-zealand/>

 

FACT SHEET: Biden-⁠Harris Administration Delivers on Strengthening America’s Cybersecurity

The Biden-Harris Administration has brought a relentless focus to improving the United States’ cyber defenses, building a comprehensive approach to “lock our digital doors” and take aggressive action to strengthen and safeguard our nation’s cybersecurity, including:

< <https://www.whitehouse.gov/briefing-room/statements-releases/2022/10/11/fact-sheet-biden-harris-administration-delivers-on-strengthening-americas-cybersecurity/> https://www.whitehouse.gov/briefing-room/statements-releases/2022/10/11/fact-sheet-biden-harris-administration-delivers-on-strengthening-americas-cybersecurity/>

 

**********************

INTERNET OF THINGS

**********************

The FBI Publishes Statement – Unpatched and Outdated IoT Devices Increase Cyber Attack Opportunities

What Happened? The FBI recently issued an industry notification around unpatched and outdated devices, warning the public that cyber criminals are increasingly targeting internet-connected devices for the purpose ofexploiting their vulnerabilities

< <https://blog.checkpoint.com/2022/10/14/the-fbi-publishes-statement-unpatched-and-outdated-iot-devices-increase-cyber-attack-opportunities/> https://blog.checkpoint.com/2022/10/14/the-fbi-publishes-statement-unpatched-and-outdated-iot-devices-increase-cyber-attack-opportunities/>

 

Smart buildings may be your cybersecurity downfall

According to a recent eEnergy report, 30 per cent of all purchased energy in the UK is currently wasted in commercial buildings, warehouses and education facilities.

< <https://www.helpnetsecurity.com/2022/10/14/smart-buildings-cybersecurity/> https://www.helpnetsecurity.com/2022/10/14/smart-buildings-cybersecurity/>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

How NDI 5 Impacts AVoIP Remote Live Production

Among a range of significant improvements, NDI 5 delivers support for the Reliable User Datagram Protocol (RUDP). Previously, multi-TCP acted as the default transportation of NDI, but the efficiency of network bandwidth utilization was low, especially for wireless applications or when the network was not as effective, adding significant challenges for real-time transmission. NDI 5, however, uses a new transmission mechanism of RUDP, known as Quick UDP Internet Connections (QUIC), to perform better in an unstable network.

< <https://www.avnetwork.com/news/how-ndi-5-impacts-avoip-remote-live-production> https://www.avnetwork.com/news/how-ndi-5-impacts-avoip-remote-live-production>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Innovation, digital transformation, decarbonization: Why the world needs telecom standards

Each year at the World Standards Day we celebrate the efforts of experts worldwide who have worked and collaborated to make standards that help society progress in an inclusive, shared and fair way. In telecom, standardization through 3GPP has enabled global connectivity, created millions of jobs and contributed a significant proportion of global GDP. Here’s how.

< <https://www.ericsson.com/en/blog/2022/10/why-telecoms-standards-are-important> https://www.ericsson.com/en/blog/2022/10/why-telecoms-standards-are-important>

 

Let’s continue putting more minds to the task of standards development

Where there’s a will, there’s a way. Impactful standards are the result of strong will to come together and build consensus on the way forward.

< <https://www.itu.int/hub/2022/10/standards-day-and-the-task-of-standards-development/> https://www.itu.int/hub/2022/10/standards-day-and-the-task-of-standards-development/>

 

What Russia’s Cyber Sovereignty Woes Tell Us About a Future “Splinternet” by Elizabeth Kerley, Program Officer, International Forum for Democratic Studies

Since launching its full-scale invasion of Ukraine, Russia has been putting its longstanding aspirations for “cyber sovereignty” to the test. In keeping with its longstanding objectives of “technological independence and information control,” the Kremlin has promoted homegrown tech in the face of sanctions while also halting the flow of independent information. Meanwhile this April, 61 mostly democratic countries signed a declaration articulating a vision for an internet that is “open, free, global, interoperable, reliable, and secure.” What does this clash of visions portend for the digital domain?

< <https://www.ned.org/digital-directions-october-13-2022/> https://www.ned.org/digital-directions-october-13-2022/>

 

Vint Cerf hails ESnet6 a 'turning point' in computer networking

The latest version of the US Department of Energy's dedicated network for collaboration between the DOE's different research labs (comprising "premier" scientific instruments and supercomputers) has been formally unveiled.

< <https://www.lightreading.com/opticalip-networks/vint-cerf-hails-esnet6-turning-point-in-computer-networking/d/d-id/781041> https://www.lightreading.com/opticalip-networks/vint-cerf-hails-esnet6-turning-point-in-computer-networking/d/d-id/781041>

 

Predicting IPv4 services across all ports

Internet-wide scanning — the process of initiating network connections with public services on a set of given ports — allows researchers and network operators to understand how the Internet works in practice.

< <https://blog.apnic.net/2022/10/11/predicting-ipv4-services-across-all-ports/> https://blog.apnic.net/2022/10/11/predicting-ipv4-services-across-all-ports/>

 

Upcoming: W3C Workshop on Permissions

W3C announced today a Workshop on Permissions, 5–6 December 2022, in Munich, Germany. The event is hosted by Google.

< <https://www.w3.org/blog/news/archives/9714> https://www.w3.org/blog/news/archives/9714>

 

The Internet Is Not Facebook: Why Infrastructure Providers Should Stay Out of Content Policing

Cloudflare’s recent headline-making decision to refuse its services to KiwiFarms—a site notorious for allowing its users to wage harassment campaigns against trans people—is likely to lead to more calls for infrastructure companies to police online speech. Although EFF would shed no tears at the loss of KiwiFarms (which is still online as of this writing), Cloudflare’s decision re-raises fundamental, and still unanswered, questions about the role of such companies in shaping who can, and cannot, speak online.

< <https://www.eff.org/deeplinks/2022/10/internet-not-facebook-why-infrastructure-providers-should-stay-out-content> https://www.eff.org/deeplinks/2022/10/internet-not-facebook-why-infrastructure-providers-should-stay-out-content>

 

nl: JouwWeb enables DANE security for 60,000 mail domains

Early this year, website platform JouwWeb enabled DANE for all its managed domain names, thus increasing the security of mail transport to and from the domains.

< <https://www.sidn.nl/en/news-and-blogs/jouwweb-enables-dane-security-for-60000-mail-domains> https://www.sidn.nl/en/news-and-blogs/jouwweb-enables-dane-security-for-60000-mail-domains>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home