[Newsclips] IETF SYN-ACK Newspack 2022-12-19

[David Goldstein <david@goldsteinreport.com>]

Hi IETF Participants!

 

This is the final IETF SYN-ACK Newspack for 2022. While the Newspack will take a break until early January, recommencing on 9 January, I’ll continue to monitor the news and compile what’s happening.

 

Thanks for reading the Newspack each week throughout 2022 and as usual, if you have any comments, suggestions or tips, please feel free to send them through.

 

And just the usual reminder, the IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

So until 2023, for those celebrating, have a merry Christmas and happy new year!

 

Kind regards,

David

 

**********************

IETF IN THE NEWS

**********************

Is Secured Routing a Market Failure?

The Internet represents a threshold moment for the communications realm in many ways. It altered the immediate end client of the network service from humans to computers. It changed the communications model from synchronized end-to-end service to asynchronous, and from virtual circuits to packet switching. At the same time, there were a set of sweeping changes in the public communications framework, changing the general characterization of the set of service operators in this space from state-operated monopolies, or if not state-operated then at a minimum state-sanctioned, to enterprise actors operating within a largely deregulated market economy. ... There were, however, some issues raised by these choices. The router vendors in the IETF had taken a hostile view on the topic of the IETF making further changes to the BGP protocol, as this represented for these vendors incremental cost for standards compliance without the opportunity for additional revenue from their customers. As some of these vendors had a highly influential position in the IETF, these concerns were expressed as an overriding constraint placed on the technical specification of a secured routing framework as part of the IETF’s development work.

< <https://www.potaroo.net/ispcol/2022-12/securedrouting.html> https://www.potaroo.net/ispcol/2022-12/securedrouting.html>

< <https://circleid.com/posts/20221213-is-secured-routing-a-market-failure> https://circleid.com/posts/20221213-is-secured-routing-a-market-failure>

< <https://blog.apnic.net/2022/12/16/opinion-is-secured-routing-a-market-failure/> https://blog.apnic.net/2022/12/16/opinion-is-secured-routing-a-market-failure/>

 

IPv6 extension headers in routing security

... There are several perceived challenges with IPv6. The first is that IPv6 has a higher round-trip time (RTT) than IPv4 currently. According to Xipeng Xiao’s report at IETF 113, IPv6 RTT is decreasing worldwide, but the average is still 2.5ms higher than that of IPv4.

< <https://blog.apnic.net/2022/12/14/ipv6-extension-headers-in-routing-security/> https://blog.apnic.net/2022/12/14/ipv6-extension-headers-in-routing-security/>

 

Network digital twins – outlook and opportunities

... Standards and industry alignment: Initial efforts to define a framework for NDTs have been made in standards bodies such as the IETF. Due to the diversity of potential NDT use cases, we believe that the value of standards for NDTs will be in terms of providing alignment on terminology and defining a high-level architectural framework without being so specific as to inhibit innovation. The various types of NDTs each have their own needs in terms of data and characteristics, as well as different starting points. A high degree of flexibility will be required to support innovation both in terms of evolving existing functionality and introducing entirely new functionality.

< <https://www.ericsson.com/en/reports-and-papers/ericsson-technology-review/articles/network-digital-twins-outlook-and-opportunities> https://www.ericsson.com/en/reports-and-papers/ericsson-technology-review/articles/network-digital-twins-outlook-and-opportunities>

 

Post-quantum cryptography experts brace for long transition despite White House deadlines

... Complicating matters further, NIST is approving the math behind PQC algorithms, but the IETF generally winds up defining connectivity standards. Post-Quantum’s hybrid PQ virtual private network is still being standardized by IETF, and only then can it be added to systems and sold to agencies.

< <https://www.fedscoop.com/quantum-crytography-experts-long-transition/> https://www.fedscoop.com/quantum-crytography-experts-long-transition/>

 

Cybersecurity and IT Heroes Honored at HSToday Holiday Awards

... ENPE PKI is based on a modern Certificate Authority (CA) platform that offers multiple protocols for certificate automation, including Microsoft Auto-Enrollment (MS AE) for Active Directory integration, providing an upgrade path from Microsoft Certificate Server, Automated Certificate Management Environment, an industry standard (IETF RFC 8555) made popular via the public Let’s Encrypt certificate service, and Enrollment over Secure Transport protocol (EST), industry standard (IETF RFC 7030) to automate facing with existing Certificate Management tools in components.

< <https://www.hstoday.us/subject-matter-areas/cybersecurity/cybersecurity-and-it-heroes-honored-at-hstoday-holiday-awards/> https://www.hstoday.us/subject-matter-areas/cybersecurity/cybersecurity-and-it-heroes-honored-at-hstoday-holiday-awards/>

 

SDOs and Open Source Communities Collaborate to Demonstrate Intent-based Cloud Leased Line Automation PoC, Accelerating the Realization of Autonomous Networks

... The PoC proposes a solution to these changelings. To cope complexity, the architectural design, which is based on ZSM 002, 008, 009-1 and 011, is a turnkey solution which provides fully automated and Intent-based service fulfillment and assurance of cloud leased lines. Secondly, the solution uses IETF ACTN MPI standard interfaces to solve the challenges of multi-vendor and multi-domain interoperability in the transport management domain. The solution implementation is open source and is released in LFN ONAP Kohn release.

< <https://www.lightreading.com/sdos-and-open-source-communities-collaborate-to-demonstrate-intent-based-cloud-leased-line-automation-poc-accelerating-realization-of-autonomous-networks/a/d-id/782383> https://www.lightreading.com/sdos-and-open-source-communities-collaborate-to-demonstrate-intent-based-cloud-leased-line-automation-poc-accelerating-realization-of-autonomous-networks/a/d-id/782383>

 

Interview Prof. Werner Zorn, HPI Die Sache mit dem Internet und dem Neuland [Interview Prof. Werner Zorn, HPI The thing about the internet and new territory]

... Im US-amerikanischen ARPANET wurden von Anfang an statt starrer Normen sogenannte Requests for Comments, kurz RFC, eingesetzt. Hierbei handelt es sich um eine evolutionäre Entwicklungsmethodik, bei der Designideen in offenen Foren zur Diskussion gestellt werden, um dann im Wechselspiel von Erprobung und Verbesserungsvorschlägen so lange iteriert zu werden, bis ein zufriedenstellender Entwicklungsstand und damit ein freizugebendes Ergebnis erreicht ist. Die Anzahl von 9150 IETF-RFC, Stand 1969 bis Februar 2022, gibt eine Vorstellung von der Größenordnung des RFC-Standardisierungsumfangs der in Amerika gegründeten IETF.

< <https://www.industry-of-things.de/die-sache-mit-dem-internet-und-dem-neuland-a-9bf447898a9c675dcf2a64ef1a9c9449/> https://www.industry-of-things.de/die-sache-mit-dem-internet-und-dem-neuland-a-9bf447898a9c675dcf2a64ef1a9c9449/>

 

Optimale Netz-Standards könnten Energie sparen [Optimal grid standards could save energy]

... Von "grünen Rechenzentren" wird viel gesprochen, aber dass man auch mit der Wahl "sparsamer" Datenformate den CO2-Fußabdruck des Internet verringern kann, ist weniger bekannt. Bei einem mehrtägigen Workshop machten sich das Internet Architecture Board (IAB), die IETF und die Internet Research Task Force Gedanken über die Effekte des Netzes auf die Klimaerwärmung. Sie sammelten dabei Ideen für klimafreundliche Standards – angesichts das rasanten Wachstums des Datenverkehrs ein brennendes Thema. Weil Netzanwendungen so weit verbreitet sind, versprechen selbst kleine Verbesserungen enorme Einspareffekte.

< <https://www.heise.de/news/Optimale-Netz-Standards-sollen-Energie-sparen-helfen-7393745.html> https://www.heise.de/news/Optimale-Netz-Standards-sollen-Energie-sparen-helfen-7393745.html>

 

‘검색’ 힘주는 네이버...기존 사업과 시너지 노린다 ['Search' power gives Naver... Aim for synergy with existing business]

... 최근 네이버는 자사 검색 서비스에 ‘HTTP/3’를 도입했다. 기존 대비 더욱 빠르고 안정적인 검색을 제공하기 위함이다. HTTP/3는 앱·브라우저와 웹 간 데이터 교환을 위한 3세대 표준 프로토콜(protocol)이다. 지난 6월 국제인터넷기술위원회(IETF)는 차세대 웹 통신 표준 프로토콜로 제정한 바 있다.

< <https://www.digitaltoday.co.kr/news/articleView.html?idxno=466729> https://www.digitaltoday.co.kr/news/articleView.html?idxno=466729>

 

自由分享想法和技术源于无拘无束的参与和善意的精神 [The free sharing of ideas and technology stems from a spirit of unfettered participation and goodwill]

“我们拒绝国王，和投票。我们相信粗略的共识和运行代码。” 这些是Dave Clark的话，他参与了互联网工程任务组(IETF)的早期工作。并非每个数字创新者都有兴趣赚取数十亿美元。Richard Stallman，Linus Torvalds和Tim Berners-Lee等技术先驱们自由地分发了他们的想法。在这种慷慨的背后，是一种思想和社区精神，几十年来一直在推动创新。

< <https://www.flyxg.com/dongtai/202212/1767306.html> https://www.flyxg.com/dongtai/202212/1767306.html>

 

红帽企业Linux 8凭借改进的系统性能打败了Beta版 [Red Hat Enterprise Linux 8 beats beta with improved system performance]

... 新的安全功能也将成为RHEL 8的核心元素，最值得注意的是包含对TLS 1.3加密标准的支持。TLS 1.3于3月26日由IETF宣布为正式标准，为用于保护互联网上运动数据的核心协议提供更新版本。

 

Cisco FabricPath چیست و چگونه به یاری کارشناسان شبکه می‌آید؟ [What is Cisco FabricPath and how does it come to the aid of network experts?]

FabricPath فناوری انحصاری سیسکو است و عملکردی شبیه بهTRILL دارد که استاندارد IETF است. مزیت بزرگی که FabricPath دارد این است که بالاترین سطح از انعطاف‌پذیری بدون بروز مشکل حلقه را ارائه می‌دهد. 

< <https://vista.ir/n/makzjwu/Cisco-FabricPath-????-?-?????-??-????-?????????-????-???????> https://vista.ir/n/makzjwu/Cisco-FabricPath-چیست-و-چگونه-به-یاری-کارشناسان-شبکه-می‌آید؟>

 

**********************

SECURITY & PRIVACY

**********************

Root Zone KSK Algorithm Rollover

Overview: The DNS is the Internet's address book that connects users to services on the Internet. Unfortunately, it was not designed with security in mind. The DNS root zone was first signed in 2010 to help keep it more secure for Internet users.

< <https://www.icann.org/resources/pages/ksk-algorithm-rollover-en> https://www.icann.org/resources/pages/ksk-algorithm-rollover-en>

 

ch: New year’s resolution – dealing with the human factor in 2023

It’s this time of the year again, time to look back to move forward. So, Cornelia, Fabio and I sat down and tackled these questions: How has the IT security domain been dealing with human risk? How is security awareness evolving as a discipline? What have we, as a team, accomplished so far? And most importantly, where do we want to go?

< <https://securityblog.switch.ch/2022/12/06/new-years-resolution-dealing-with-the-human-factor-in-2023/> https://securityblog.switch.ch/2022/12/06/new-years-resolution-dealing-with-the-human-factor-in-2023/>

 

The state of cybersecurity in education: the responsibilities of the EdTech sector towards children

The growing dependence of primary and secondary education on digital technologies has led to increased cybercrime in UK schools. Unlike other information and communication technology sectors, the EdTech industry tends to escape critical research enquiry with regards to their state of cybersecurity. EdTech businesses work in a fast-paced, relatively unregulated environment and their cybersecurity measures remain largely unknown. In a new Media@LSE Working Paper on which this post is based, Velislava Hillman focuses on the state of cybersecurity in education by addressing EdTech businesses, to map the challenges and identify the needs for safety and security in education.

< <https://blogs.lse.ac.uk/medialse/2022/12/09/the-state-of-cybersecurity-in-education-the-responsibilities-of-the-edtech-sector-towards-children/> https://blogs.lse.ac.uk/medialse/2022/12/09/the-state-of-cybersecurity-in-education-the-responsibilities-of-the-edtech-sector-towards-children/>

 

>From stricter reporting rules to a new cyber threat hub, the EU is upgrading its cybersecurity law

The European Union is set to make major upgrades to its bloc-wide cybersecurity framework for the first time in years. In November, the EU Parliament and European Council approved the implementation of a new policy known as the Network and Information Security Directive 2 (NIS 2.0). The framework will replace the original NIS Directive, which was introduced in 2016 as the first EU-wide cybersecurity legislation.

< <https://www.weforum.org/agenda/2022/12/cybersecurity-european-union-nis/> https://www.weforum.org/agenda/2022/12/cybersecurity-european-union-nis/>

 

Cybersecurity: EU holds 8th dialogue with the United States

On 15 and 16 December 2022, the European Union and United States held the eighth EU-U.S. Cyber Dialogue in Washington, DC. This took place in the context of a dramatically deteriorated cyber threat environment due to Russia’s illegal military aggression against Ukraine, which has underlined the need for enhanced transatlantic cooperation and coordination to prevent, detect and respond to malicious cyber activities and highlighted the need to ensure that critical infrastructure is secure and resilient.

< <https://digital-strategy.ec.europa.eu/en/news/cybersecurity-eu-holds-8th-dialogue-united-states> https://digital-strategy.ec.europa.eu/en/news/cybersecurity-eu-holds-8th-dialogue-united-states>

 

IP fragmentation and the DNS — mitigation

In parts one and two of this series, we’ve seen that DNS fragmentation is real and can happen in the Internet. There are operating systems and DNS servers out there in the Internet that are vulnerable, and with the help of DNS fragmentation, malicious actors can make changes to DNS responses received by DNS resolvers. Without DNSSEC signing and validation, these changes will go unnoticed.

< <https://blog.apnic.net/2022/12/13/ip-fragmentation-and-the-dns-mitigation/> https://blog.apnic.net/2022/12/13/ip-fragmentation-and-the-dns-mitigation/>

 

The digital future requires making 5G secure by Tom Wheeler and David Simpson

>From smart cities to smart cars, to smart factories, the future will be built on ubiquitous microchips connected by wireless networks. Fifth generation (5G) technology promises to bring the high-speed, low-latency wireless infrastructure necessary for the “smart” era. By some estimates, half of all worldwide data traffic over the next five years will be generated not by people, but by connected computerized devices requiring no human intervention.

< <https://www.brookings.edu/blog/techtank/2022/12/09/the-digital-future-requires-making-5g-secure/> https://www.brookings.edu/blog/techtank/2022/12/09/the-digital-future-requires-making-5g-secure/>

 

**********************

INTERNET OF THINGS

**********************

How Will the Internet of Things (IoT) Evolve?

Imagine craving a soda and walking to the nearest vending machine only to find that it was out, or worse, that the soda was warm. In the early 1980s, college students found a way to solve this problem by hooking a vending machine up to their local network in order to determine if there was still soda in stock and whether or not it was cold.

< <https://builtin.com/internet-things/iot-predictions> https://builtin.com/internet-things/iot-predictions>

 

Smart cities present risks but also opportunities for inclusion

Brussels has backed smart city projects to accelerate progress on its twin transition goals, but as with many efforts to digitise public services, they present opportunities and potential obstacles to digital inclusion.

< <https://www.euractiv.com/section/digital-inclusion/news/smart-cities-present-risks-but-also-opportunities-for-inclusion/> https://www.euractiv.com/section/digital-inclusion/news/smart-cities-present-risks-but-also-opportunities-for-inclusion/>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Internet surveillance

... Thankfully, network designers and researchers alike have recognised the need for, at minimum, data confidentiality. Transport Layer Security (TLS) isused for nearly all types of communications in the Internet, and is the default in all major browsers, modern protocols like QUIC and HTTP/3, and much more.

< <https://www.fijitimes.com/internet-surveillance/> https://www.fijitimes.com/internet-surveillance/>

 

A month on, network improvements come to .NET 7

... In addition, HTTP/3 is enabled by default in .NET 7 and Microsoft extended HTTP telemetry to HTTP/3. Microsoft has also done more to support Quick UDP Internet Connections (QUIC), a transport layer tool that uses UDP as its underlying protocol and mandates TLS 1.3 use. QUIC is less chatty than other protocols, and more secure.

< <https://www.theregister.com/2022/12/13/microsoft_net7_networking/> https://www.theregister.com/2022/12/13/microsoft_net7_networking/>

 

Latenza, cos'è e come fare per ridurla [Latency, what it is and how to reduce it]

... Sempre lato server, l'uso del protocollo QUIC alla base di HTTP/3, terza versione del protocollo Hypertext Transfer Protocol usato per il Web, consente di abbassare la latenza senza sacrificare l'efficacia delle trasmissioni TCP.

< <https://www.ilsoftware.it/articoli.asp?tag=Latenza-cos-e-e-come-fare-per-ridurla_25368> https://www.ilsoftware.it/articoli.asp?tag=Latenza-cos-e-e-come-fare-per-ridurla_25368>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Vint Cerf Helped Create the Internet on the Back of an Envelope: Forty years after the internet was born, one of its pioneers calls for more critical thinking about how we use it.

Much has changed in the world of cyberspace since Jan. 1, 1983, the date often called “the birthday of the internet.” Yet the internet’s fundamental architecture—the communications protocol that allows computer networks all over the world to talk to each other—remains essentially the same. This is largely thanks to a design that Vint Cerf sketched on the back of an envelope while holed up with fellow computer scientist Robert Kahn in a Palo Alto cabana nearly 50 years ago.

< <https://www.wsj.com/articles/vint-cerf-helped-create-the-internet-on-the-back-of-an-envelope-11671210858> https://www.wsj.com/articles/vint-cerf-helped-create-the-internet-on-the-back-of-an-envelope-11671210858>

 

W3C Advisory Committee Elects Technical Architecture Group

W3C TAG logoThe W3C Advisory Committee has elected the following people to the W3C Technical Architecture Group (TAG): Amy Guy (Digital Bazaar), Theresa O’Connor (Apple, Inc.) and Lea Verou (W3C Invited Expert). They join co-Chair Tim Berners-Lee and continuing participants, Daniel Appelquist (W3C Invited Expert, co-Chair), Rossen Atanassov (Microsoft Corporation), Hadley Beeman (W3C Invited Expert), Peter Linss (W3C Invited Expert, co-Chair), Dapeng (Max) Liu (Alibaba Group) and Sangwhan Moon (Google). Yves Lafon continues as staff contact.

< <https://www.w3.org/blog/news/archives/9787> https://www.w3.org/blog/news/archives/9787>

 

Local Rules for a Global Network—The Splinternet’s Insidious Alternative 

It was touted as “the most important election you’ve never heard of” and a vote that could “change the course of Internet history.” The recent high-profile election of the Secretary-General of the International Telecommunication Union (ITU) pitted American candidate Doreen Bogdan-Martin against her Russian counterpart, Rashid Ismailov, in a race reminiscent of the Cold War era’s ideological battles over freedom and control.

< <https://www.internetsociety.org/blog/2022/12/local-rules-for-a-global-network/> https://www.internetsociety.org/blog/2022/12/local-rules-for-a-global-network/>

 

Monitoring, awareness, and community at the centre of NTT’s RPKI deployment

Over the last two and a half years, Senior Software Engineer for NTT’s Global IP Network (GIN), Massimo Candela, has been sharing their experience deploying Resource Public Key Infrastructure (RPKI). During this period and across various events, Massimo has encouraged the network operator community to deploy RPKI, particularly Route Origin Validation (ROV), in the networks they manage to help secure the Internet’s routing infrastructure. The following is a summary of what Massimo has shared about NTT’s RPKI deployment.

< <https://blog.apnic.net/2022/12/15/monitoring-awareness-and-community-at-the-centre-of-ntts-rpki-deployment/> https://blog.apnic.net/2022/12/15/monitoring-awareness-and-community-at-the-centre-of-ntts-rpki-deployment/>

 

What Happened to IPv5?

What is IPv5? An internet protocol is the set of rules that govern how information packets are transmitted over a network. IPv5 is a version of Internet Protocol (IP) that was never formally adopted as a standard. The "v5" stands for version 5 of the Internet Protocol. Computer networks use version 4, typically called IPv4, or a newer version: IPv6.

< <https://www.lifewire.com/what-happened-to-ipv5-3971327> https://www.lifewire.com/what-happened-to-ipv5-3971327>

 

What is TLS and how does it work?

TLS (Transport Layer Security) is a security protocol that is used to establish encrypted links between a web server and a browser in order to protect the data exchanged between them.

< <https://www.techradar.com/features/what-is-tls-and-how-does-it-work> https://www.techradar.com/features/what-is-tls-and-how-does-it-work>

< <https://www.msn.com/en-us/news/technology/what-is-tls-and-how-does-it-work/ar-AA15gI4N> https://www.msn.com/en-us/news/technology/what-is-tls-and-how-does-it-work/ar-AA15gI4N>

 

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home