[Newsclips] IETF SYN-ACK Newspack 2022-08-15

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

ICANN Request for Proposal (RFP): PTI SOC2 & SOC3 Audits

The ICANN organization today issued a RFP to identify a provider to conduct service organization control audits. These audits represent an important component of the accountability ICANN has to Internet stakeholders for the proper performance of the IANA functions. The audits are mandated by the various contracts between ICANN and the IETF, the Regional Internet Registries (RIR) and Public Technical Identifiers (PTI).

< <https://www.icann.org/en/announcements/details/icann-request-for-proposal-rfp-pti-soc2-soc3-audits-08-08-2022-en> https://www.icann.org/en/announcements/details/icann-request-for-proposal-rfp-pti-soc2-soc3-audits-08-08-2022-en>

 

The HTTPS record passes a key milestone

For the past several years, the DNS operations group at the IETF has been developing a pair of new record types known as ‘SVCB’ and ‘HTTPS’. In May, their specification was formally approved for publication by the Internet Engineering Steering Group (IESG). This milestone marks these new record types as ready for production use on the public Internet.

< <https://blog.apnic.net/2022/08/10/the-https-record-passes-a-key-milestone/> https://blog.apnic.net/2022/08/10/the-https-record-passes-a-key-milestone/>

 

John Morris Joins Internet Society as Principal, Internet Policy and Advocacy

The Internet Society, a global nonprofit organization that promotes the development and use of an open, globally connected, and secure Internet, today announced the appointment of John B. Morris, Jr., as Principal, U.S. Internet Policy and Advocacy. With a career in technology policy spanning the public, nonprofit, and private sectors, Morris joins the Internet Society after most recently holding the position of senior non-resident fellow with the Center for Technology Innovation at the Brookings Institution. ... Morris has also served as General Counsel of the Center for Democracy and Technology (CDT), and the Director of CDT’s Internet Standards, Technology and Policy Project, Morris led the organization’s work on free expression issues, and worked on privacy, surveillance, cybersecurity, net neutrality, and other issues. He was also active in technical standards development efforts at the IETF and the World Wide Web Consortium.

< <https://www.internetsociety.org/news/press-releases/2022/john-morris-joins-internet-society-as-principal-internet-policy-and-advocacy/> https://www.internetsociety.org/news/press-releases/2022/john-morris-joins-internet-society-as-principal-internet-policy-and-advocacy/>

 

IPv6 Buzz 107: IPv6 Unique Local Addresses (ULA) At IETF 114

In this episode, Ed and Tom talk with Nick Buraglio about ongoing efforts within the IETF to improve ULA. Nick is co-author of the IETF draft “Unintended Operational Issues With ULA” and recently presented at IETF 114 in Philadelphia.

< <https://packetpushers.net/podcast/ipv6-buzz-107-ipv6-unique-local-addresses-at-ietf-114/> https://packetpushers.net/podcast/ipv6-buzz-107-ipv6-unique-local-addresses-at-ietf-114/>

 

Securing the supercloud requires an ecosystem effort, say industry experts

Cloud computing has security issues. The problem is underscored by the complexity of cloud and the lack of visibility into what’s happening with workloads inside software containers that host the components of modern applications. ... Building a secure supercloud will require an ecosystem effort, the experts agreed. Sharrma suggested creating a consortium to build a framework that defines exact operational parameters within a supercloud. This would create a pattern that could be followed regardless of location. “Otherwise, security is going everywhere,” he said. Rittenhouse sees the framework coalescing around more of a business model, while Kueh believes that history will repeat itself, with the industry embracing and extending a set of standards as it did with the IETF.

< <https://siliconangle.com/2022/08/11/securing-supercloud-requires-ecosystem-effort-say-industry-experts-supercloud22/> https://siliconangle.com/2022/08/11/securing-supercloud-requires-ecosystem-effort-say-industry-experts-supercloud22/>

 

Tech Workers Struggle With Hybrid IT Complexity

... Solutions are growing in availability. The IETF, an international community of network designers, operators, vendors and researchers, is working on standards for automated network management, which aim to improve and make the management of networks more efficient as they continue to increase in size and complexity.

< <https://devops.com/tech-workers-struggle-with-hybrid-it-complexity/> https://devops.com/tech-workers-struggle-with-hybrid-it-complexity/>

 

TangoID: el plan de blockchain sobre identidad digital para Buenos Aires [TangoID: the blockchain plan on digital identity for Buenos Aires]

... Las principales características de TangoID son: 1. Sigue estándares internacionales (SSID, IETF, DIF, W3C, Trust OverIP y OpenID, entre otros).

< <https://www.infobae.com/america/tecno/2022/08/12/tangoid-el-plan-de-blockchain-sobre-identidad-digital-para-buenos-aires/> https://www.infobae.com/america/tecno/2022/08/12/tangoid-el-plan-de-blockchain-sobre-identidad-digital-para-buenos-aires/>

 

Ventajas y desventajas de Google Meet [Advantages and disadvantages of Google Meet]

... Tiene uno de los niveles más altos de estándares para salvaguardar los intereses del usuario y la privacidad de los datos. Además, adopta varias medidas de encriptación, como el cifrado tanto de los datos en tránsito para las reuniones de vídeo como de las grabaciones de Meet almacenadas en Google Drive. Además, en Google Meet se han respetado los estándares de seguridad de la IETF.

< <https://www.elheraldodesaltillo.mx/2022/08/11/ventajas-y-desventajas-de-google-meet/> https://www.elheraldodesaltillo.mx/2022/08/11/ventajas-y-desventajas-de-google-meet/>

 

Mahasiswa KKN Undip Lakukan Edukasi Etis Bermedia Sosial kepada Remaja RW 4 Kelurahan Kedungmundu [Undip KKN Students Conduct Ethical Education with Social Media to Adolescents of RW 4 Kedungmundu Village]

... Menurut IETF menetapkan standar netiket terbagi menjadi tiga kategori yaitu one-to-one communication, one-to-many dan information service. Dalam materi dijelaskan setidaknya dua dari ketiga standar itu.

< <https://www.kompasiana.com/rafli2222/62f6b4bfa1aeea7fbf399e16/mahasiswa-kkn-undip-lakukan-edukasi-etis-bermedia-sosial-kepada-remaja-rw-4-kelurahan-kedungmundu> https://www.kompasiana.com/rafli2222/62f6b4bfa1aeea7fbf399e16/mahasiswa-kkn-undip-lakukan-edukasi-etis-bermedia-sosial-kepada-remaja-rw-4-kelurahan-kedungmundu>

 

耐量子計算機暗号へのアルゴリズム移行時の留意点は？ [What points should be kept in mind when migrating algorithms to post-quantum computer cryptography?]

... 現在、インターネット上のデファクト標準RFCシリーズを規定しているIETFでは、インターネット上の暗号通信の規格であるTLS1.3に対し、ハイブリッド方式（※10）という拡張が提案されています。このハイブリッド方式は、正にクリプトアジリティを実現する手法の一つと言えます。システムが既存の暗号方式とPQCの暗号方式の両方を備え、どちらか一方の方式が危殆化により使用不可な状態になっても、安全なもう片方の方式のみでシステムを維持できるようにする概念です。

< <https://www.nttdata.com/jp/ja/data-insight/2022/0808/> https://www.nttdata.com/jp/ja/data-insight/2022/0808/>

 

我国 IPv6 网络“高速公路”全面建成：活跃用户达 6.93 亿 [China's IPv6 network "highway" is fully completed: 693 million active users]

... IPv6 全拼是“Internet Protocol Version 6（互联网协议第 6 版）”。它是互联网工程任务组（IETF）设计的用于替代 IPv4 的下一代 IP 协议，其地址数量号称可以为全世界的每一粒沙子编上一个地址 。目前，我国 IPv6 互联网活跃用户数达 6.93 亿，移动网络 IPv6 流量占比突破 40%。

< <https://www.sohu.com/a/575028292_114760> https://www.sohu.com/a/575028292_114760>

 

**********************

SECURITY & PRIVACY

**********************

Tech companies team up for common cybersecurity data standard

A group of 18 tech companies including Amazon Web Services, Symantec, Crowdstrike, Splunk and Salesforce are building a common data standard to streamline the use of cybersecurity risk threat information.

< <https://techblog.nz/2939-Tech-companies-team-up-for-common-cybersecurity-data-standard> https://techblog.nz/2939-Tech-companies-team-up-for-common-cybersecurity-data-standard>

 

The future of automated incident response

The Forum of Incident Response and Security Teams (FIRST) holds an annual conference to promote coordination and cooperation among global Computer Security Incident Response Teams (CSIRTs). This year’s conference ran from 26 June to 1 July 2022, in Dublin, Ireland. These are Andrew Cormack’s notes on his own presentation and discussions on automated network/security management at the Academic SIG, #FIRSTCON22.

< <https://blog.apnic.net/2022/08/12/the-future-of-automated-incident-response/> https://blog.apnic.net/2022/08/12/the-future-of-automated-incident-response/>

 

Organisations exposing highly sensitive protocols to public internet

ExtraHop has released findings from the ExtraHop Benchmarking Cyber Risk and Readiness report showing that a significant percentage of organisations expose insecure or highly sensitive protocols, including SMB, SSH, and Telnet, to the public internet.

< <https://itbrief.com.au/story/organisations-exposing-highly-sensitive-protocols-to-public-internet> https://itbrief.com.au/story/organisations-exposing-highly-sensitive-protocols-to-public-internet>

 

‘Highly sensitive’ protocols exposed to public Internet, warns ExtraHop Featured

A significant percentage of organisations expose insecure or highly sensitive protocols, including SMB, SSH, and Telnet, to the public internet, according to the latest Cyber Risk and Readiness report from network detection and response specialist ExtraHop.

< <https://itwire.com/business-it-news/security/‘highly-sensitive’-protocols-exposed-to-public-internet,-warns-extrahop.html> https://itwire.com/business-it-news/security/‘highly-sensitive’-protocols-exposed-to-public-internet,-warns-extrahop.html>

 

us: After Colonial Pipeline, Critical Infrastructure Operators Remain Blind to Cyber-Risks

The unprecedented ransomware attack against Colonial Pipeline last year shows that critical infrastructure operators have made little progress in protecting their networks 12 years after the discovery of Stuxnet.

< <https://www.darkreading.com/risk/colonial-pipeline-critical-infrastructure-operators-blind-cyber-risks> https://www.darkreading.com/risk/colonial-pipeline-critical-infrastructure-operators-blind-cyber-risks>

 

us: Connecting the Dots to Drive Down Cyber Risk Together: The Superheroes Behind the Nation’s JCDC

Over the past several years, it has become increasingly clear that old models of public-private partnership are no longer sufficient to meet the scale and pace of the cyber threat. Last August, we created the Joint Cyber Defense Collaborative (JCDC) to fundamentally transform how we reduce cyber risk to our country: through continuous operational collaboration between trusted partners and by conducting rigorous planning to address the most significant threats before damaging intrusions occur.

< <https://www.cisa.gov/blog/2022/08/12/connecting-dots-drive-down-cyber-risk-together-superheroes-behind-nations-jcdc> https://www.cisa.gov/blog/2022/08/12/connecting-dots-drive-down-cyber-risk-together-superheroes-behind-nations-jcdc>

 

**********************

INTERNET OF THINGS

**********************

The Internet of Things needs ultra-compact supercapacitors

Increased demand for super tiny electronic sensors coming from healthcare, environmental services and the Internet of Things is prompting a search for equally tiny ways to power these sensors. A review of the state of ultracompact supercapacitors, or "micro-supercapacitors," concludes there is still a lot of research to be done before these devices can deliver on their promise.

< <https://techxplore.com/news/2022-08-internet-ultra-compact-supercapacitors.html> https://techxplore.com/news/2022-08-internet-ultra-compact-supercapacitors.html>

 

Chinese technology in the ‘Internet of Things’ poses a new threat to the west

The UK’s move to ban Huawei from its 5G telecoms networks has brought the debate about the security threat from Chinese equipment into the mainstream. There are increasing concerns about western exposure to potentially risky technology: only last month, British MPs and peers called on the government to crack down on the use of surveillance equipment from two Chinese companies, Hikvision and Dahua, which have already been blacklisted by Washington. However, there is one threat that has gone under the radar: the tiny components made by Chinese companies in devices connected by the Internet of Things.

< <https://www.ft.com/content/cd81e231-a8d3-4bc0-820a-13f525a76117> https://www.ft.com/content/cd81e231-a8d3-4bc0-820a-13f525a76117>

 

Chinese tech in 'Internet of Things' poses new threat to West: Reports

As soon as the UK decided to ban China's telecommunication Huawei, from its 5G telecoms networks, the debate regarding the security threat from Chinese equipment again intensified in the mainstream.

< <https://www.business-standard.com/article/international/chinese-tech-in-internet-of-things-poses-new-threat-to-west-reports-122081200086_1.html> https://www.business-standard.com/article/international/chinese-tech-in-internet-of-things-poses-new-threat-to-west-reports-122081200086_1.html>

 

Can the Military Harness the Internet of Things’ True Potential?

In the 1990s, the U.S. Department of Defense put forward a new military doctrine called Network-Centric Warfare (NCW). The objective was to integrate emerging tactics, techniques, and procedures to bolster the warfighting capabilities of the military. To achieve this end, transforming information into combat power is critical. The Internet of Things, or IoT, refers to all those devices that are today connected to the internet and are sharing and collecting data. Real-time data collection and its analysis with the help of Artificial Intelligence (AI) is the main feature of IoT. Thus, the military application of IoT can be a breakthrough moment for Network-Centric Warfare.

< <https://nationalinterest.org/blog/techland-when-great-power-competition-meets-digital-world/can-military-harness-internet-things’> https://nationalinterest.org/blog/techland-when-great-power-competition-meets-digital-world/can-military-harness-internet-things’>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Call for Papers: IAB workshop on Environmental Impact of Internet Applications and Systems

The Internet Architecture Board (IAB) is organizing a workshop to discuss the Internet’s environmental impact, the evolving needs from industry, and areas for possible improvements and future work. While the focus is on technical aspects, the workshop’s scope includes the connected devices, applications, data centers, communications links, and other elements that make up the entire Internet ecosystem. For more information, see the Call for Papers for the IAB workshop on Environmental Impact of Internet Applications and Systems. Submissions are due by 2022-10-31.

< <https://www.iab.org/2022/08/09/call-for-papers-iab-workshop-on-environmental-impact-of-internet-applications-and-systems/> https://www.iab.org/2022/08/09/call-for-papers-iab-workshop-on-environmental-impact-of-internet-applications-and-systems/>

 

Exploring Digital Sovereignty

The Internet is a force. An intangible force of good, made from tangible parts and plays a bigger and bigger role in our everyday life. It’s comprised of millions of individual networks that allow us to connect and communicate with each other. Its open and global infrastructure is designed to work seamlessly across borders. This cross-border flow is facilitated through machines and systems that speak a common language: a set of open protocols. This language, which includes protocols such as TCP/IP and HTTP, allows any Internet user, anywhere in the world, to access and provide information and services to and from any part of the globe.

< <https://www.internetsociety.org/blog/2022/08/exploring-digital-sovereignty/> https://www.internetsociety.org/blog/2022/08/exploring-digital-sovereignty/>

 

The most important election you never heard of by Tom Wheeler

The International Telecommunication Union (ITU) has been described as “The most important UN agency you have never heard of.” The ITU’s upcoming quadrennial Plenipotentiary Conference, to be held in Bucharest, Romania this September 26th through October 14th, will host the most important election you have never heard of.

< <https://www.brookings.edu/blog/techtank/2022/08/12/the-most-important-election-you-never-heard-of/> https://www.brookings.edu/blog/techtank/2022/08/12/the-most-important-election-you-never-heard-of/>

 

Google tries publicly shaming Apple into adopting RCS

Google is kicking off a new publicity campaign today to pressure Apple into adopting RCS, the cross-platform messaging protocol that’s meant to be a successor to the aging SMS and MMS standards.

< <https://www.theverge.com/2022/8/9/23297951/google-apple-rcs-adoption-campaign-getthemessage-blue-green-messages> https://www.theverge.com/2022/8/9/23297951/google-apple-rcs-adoption-campaign-getthemessage-blue-green-messages>

 

Quantum Internet Protocols

Abstract: What do quantum computing advancements mean for Internet infrastructure? The Internet’s technical architecture is wholly digital. Binary code (0s and 1s) can represent any type of information from text to video and be transmitted over a network with a necessary overlay of digital functions ranging from error checking and compression to addressing and encryption. This digital approach forms the basis of all infrastructures underlying social media, global financial systems, the Internet of Things, and all industry networks. Emerging quantum information approaches involve theoretical physics principles of superposition and entanglement. As such, quantum computing – and a shift from bits to “qubits” – promises exponentially more processing power, speed, and other innovative features that challenge prevailing approaches of Internet architecture and governance. One public policy concern is the credible threat quantum computing poses for the existing cryptographic trust systems – and especially public-key cryptography - upon which all communication now depends. While much of this concern relates to privacy, there is a much larger issue. Public-key cryptography constitutes the core infrastructures of trust that keep the Internet operational, including securing the DNS and Virtual Private Networks and authenticating financial systems, human identity, and commercial transactions. This paper lays out which Internet trust infrastructures are implicated by the quantum computing tension with public key cryptography, describes how technical standards-setting institutions are responding, and concludes with Internet standards lessons for quantum standardization, including encryption standards politicization that invariably accompanies ambient national security concerns and geopolitical conflict.

< <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4182865> https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4182865>

 

us: ITS Research on Spectrum Engineering Showcased at IEEE

NTIA serves a critical role in ensuring the most effective and efficient use of spectrum across the federal government. With a focus on working toward a coordinated, national approach to spectrum use, promoting evidence-based approaches to spectrum allocation is a critical endeavor. Much effort is currently focused on spectrum sharing. NTIA’s research laboratory, the Institute for Telecommunication Sciences (ITS), is bringing needed clarity to the challenge through its specialized engineering studies known as electromagnetic compatibility (EMC) studies.

< <https://www.ntia.gov/blog/2022/its-research-spectrum-engineering-showcased-ieee> https://www.ntia.gov/blog/2022/its-research-spectrum-engineering-showcased-ieee>

 

Decoding China’s latest World Internet Conference

This year's China World Internet Conference, also known as the Wuzhen Summit, a state-run conference where bigwigs in China's tech industry used to gather, party and tout their grand ideas and growth strategies, was more serious and more quiet than it's ever been.

< <https://www.protocol.com/china/wuzhen-world-internet-conference-policy-signals> https://www.protocol.com/china/wuzhen-world-internet-conference-policy-signals>

 

>From Defending the Open Internet to Confronting the Reality of a Fragmented Cyberspace: Reflecting Upon Two CFR Reports on U.S. Goals in Cyberspace

Nine years ago, a Council on Foreign Relations-sponsored independent task force published a report on U.S. cyber policy entitled “Defending an Open, Global, Secure, and Resilient Internet.” Last month, CFR issued the report of a new task force, “Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet.” (I was project director for both reports.) The 2013 report was CFR’s first attempt to introduce those in the foreign policy community who were unfamiliar with the politics of cyberspace to the most pressing issues. It explained how the increasing fragmentation of the internet and the rising threat of cyberattacks negatively affected U.S. interests, and it covered many of the concepts that have shaped U.S. cyber policy for the past two decades: deterrence, norm building, cyber alliances, digital trade agreements, information sharing, and public-private partnerships. Conversely, the 2022 report moved past the prior discussions around the importance of digital technologies, instead aiming to shift the debate on what the United States should try to accomplish in cyberspace. The 2022 report’s focus is narrower, highlighting foreign policy tools and spending less time on areas like domestic authorities or workforce training. Reading the two in tandem is a reminder of how high public expectations were for what Washington could accomplish in cyberspace. It also illustrates how significantly the United States’ position in cyberspace has worsened over the past decade.

< <https://www.lawfareblog.com/defending-open-internet-confronting-reality-fragmented-cyberspace-reflecting-upon-two-cfr-reports-us> https://www.lawfareblog.com/defending-open-internet-confronting-reality-fragmented-cyberspace-reflecting-upon-two-cfr-reports-us>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home