[Newsclips] IETF SYN-ACK Newspack 2023-10-30

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Usage of fractional order PI_Dμ controller as AQM algorithm

Abstract: The article describes the Usage of fractional order controller as AQM algorithm. The alternative, integer-based calculation process for controller is proposed and tested in numerical analysis, simulation environment, and Linux-based testbed environment with real-life devices. The FPGA design for the calculation process is presented. Experimental evaluation and setup process for AQM in the network is presented. ... Introduction: To deal with the problem of increasing delays in the network caused by the bufferbloat problem, the IETF recommends usage of routers implementing Active Queue Management (AQM).

< <https://www.nature.com/articles/s41598-023-45667-2> https://www.nature.com/articles/s41598-023-45667-2>

 

Has the EU’s discourse on internet standards generated real policy change?

Since 2019, the European Commission has launched a series of initiatives aimed at strengthening the EU’s role in setting the standards that govern the internet. Drawing on a new study, Clément Perarnaud and Julien Rossi examine whether this shift in approach has produced significant changes in the way the EU engages with the issue. ... Internet standards are usually produced within private organisations, such as the IETF, and more rarely within formal standard-developing organisations such as the International Telecommunication Union (ITU) of the United Nations, in which states play a larger role. These forums are an integral part of internet governance through which state actors and large companies compete to define what the future of the internet will be.

< <https://blogs.lse.ac.uk/europpblog/2023/10/26/has-the-eus-discourse-on-internet-standards-generated-real-policy-change/> https://blogs.lse.ac.uk/europpblog/2023/10/26/has-the-eus-discourse-on-internet-standards-generated-real-policy-change/>

 

Notes from NANOG 89: Trust and Network Infrastructure

Trust is such a difficult concept in any context, and certainly computer networks are no exception. How can you be assured that your network infrastructure us running on authentic platforms, both hardware and software, and its operation has not been compromised in any way? ... The first question, namely one of consistency across the massive diversity that is the Internet today is largely an article of faith as distinct from a testable proposition. The routing protocols are built according to standard specifications from the IETF, and from the perspective of the end user the degree to which all the routers along the end-to-end path are accurate and faithful implementations of this common standard is not directly verifiable.

< <https://www.potaroo.net/ispcol/2023-10/trust.html> https://www.potaroo.net/ispcol/2023-10/trust.html>

 

Vulnerability disclosure: A firsthand view

“In practice, the theory is different” — an Electricity and Magnetism professor I had in college used to say during our lab experiments. If the laws of physics guaranteed one could touch a certain electrified object without being electrocuted, he would never demonstrate this principle with his own hands, as unforeseen conditions could occur in practice. ... We had two types of reactions to our disclosure: ... egative: Some operators accused us of fearmongering, while another stated that the problem was already known. While it is true that previous RFCs had addressed the issue of cyclic dependencies (RFC 1034, RFC 1035, and RFC 1536), the issue was not fully resolved, which is why the vulnerability was still present. We wrote an Internet-draft covering it, which was later incorporated into another IETF draft.

< <https://blog.apnic.net/2023/10/27/vulnerability-disclosure-a-firsthand-view/> https://blog.apnic.net/2023/10/27/vulnerability-disclosure-a-firsthand-view/>

 

HTTP/2 Brings Rapid Reset Misery

... That’s because HTTP/2 Rapid Reset’s vulnerability doesn’t spring from a specific software component but from within the specifications of the HTTP/2 webpage delivery network protocol itself. Developed by the IETF approximately eight years ago, HTTP/2 gave us a faster and more efficient successor to the traditional HTTP protocol. Its widespread adoption, especially in mobile applications, has solidified its role in modern internet infrastructure. Unfortunately, for us, it also gave us a built-in vulnerability.

< <https://thenewstack.io/http-2-brings-rapid-reset-misery/> https://thenewstack.io/http-2-brings-rapid-reset-misery/>

 

Mitigating The Quantum Threat Today

... The solution is simple and robust: pre-shared keys. Pre-shared symmetric keys are not encumbered with the complexity or security uncertainty of new post-quantum algorithms. The foresight of the IETF means that a straightforward path to quantum safety for VPNs has been ready since 2020, per the standard document RFC 8784.

< <https://www.forbes.com/sites/forbestechcouncil/2023/10/23/mitigating-the-quantum-threat-today/> https://www.forbes.com/sites/forbestechcouncil/2023/10/23/mitigating-the-quantum-threat-today/>

 

Google - yes, that Google - testing proxy scheme to hide IP addresses for privacy

... While a number of people have expressed concern in the IP Protection issue tracker about Google proxying browser traffic, the Chocolate Factory's approach shares some similarities to the IETF's Masque proposal.

< <https://www.theregister.com/2023/10/23/google_ip_proxy/> https://www.theregister.com/2023/10/23/google_ip_proxy/>

< <https://www.msn.com/en-us/news/technology/google-yes-that-google-testing-proxy-scheme-to-hide-ip-addresses-for-privacy/ar-AA1iIUpK> https://www.msn.com/en-us/news/technology/google-yes-that-google-testing-proxy-scheme-to-hide-ip-addresses-for-privacy/ar-AA1iIUpK>

 

Streaming Video Technology Alliance Opens Call for Papers for SEGMENTS:2024 [news release]

... The Alliance’s third and final member meeting of 2023 is scheduled for November 1-2, in Prague – the week prior to IETF 118. The meeting will be held just around the corner from the Wenceslas Square in the heart of the city’s center.

< <https://www.svta.org/2023/10/26/segments2024-call-for-papers/> https://www.svta.org/2023/10/26/segments2024-call-for-papers/>

 

Cisco Shares a Three-Pronged AI Strategy at WebexOne

... The industry has relied on Opus, the lossy audio codec the IETF developed for a decade. Cisco thought it was time to rethink that codec with an eye on audio and video quality. “We have spent the last two years quietly working on a next-generation AI codec,” Khan explained. “This is going to power a lot of those real-time media models.”

< <https://www.nojitter.com/ai-speech-technologies/cisco-shares-three-pronged-ai-strategy-webexone> https://www.nojitter.com/ai-speech-technologies/cisco-shares-three-pronged-ai-strategy-webexone>

 

Microsoft is building support for DNR and SMB client encryption mandate in Windows 11

... Another networking improvement present in Windows 11 Canary build 25982 is support for DNR, which is an upcoming standard from the IETF to allow for more efficient discovery of encrypted DNS servers. Up until now, client machines have been required to find the IP address of the encrypted DNS server they wish to connect to and then make the appropriate configurations. DNR removes the need for this manual endpoint configuration by leveraging encrypted protocols like DNS over HTTPS (DoH) and DNS over TLS (DoT) on the client-side.

< <https://www.xda-developers.com/microsoft-support-dnr-smb-client-encryption-mandate-windows-11/> https://www.xda-developers.com/microsoft-support-dnr-smb-client-encryption-mandate-windows-11/>

 

Is it wise to put all your security solutions in one cyber basket?

... Not to be confused with Remote Function Call, an interface used in SAP communications, a Request for Comments (RFC) in this context is a formal document produced by the IETF.

< <https://itbrief.com.au/story/is-it-wise-to-put-all-your-security-solutions-in-one-cyber-basket> https://itbrief.com.au/story/is-it-wise-to-put-all-your-security-solutions-in-one-cyber-basket>

 

Codec Licensing and Web Video Streaming

... Patent pools have managed to set a license requirement on encoders by reference to the bitstream specification, but this doesn’t work for a streaming service. Streaming services use formats like MPEG’s Dynamic Adaptive Streaming over HTTP (MPEG-DASH) or the Apple designed HTTP Live Streaming (IETF HLS). Neither of these specifications make use of normative language in a codec bitstream specification.

< <https://www.streamingmedia.com/Articles/Post/Blog/Codec-Licensing-and-Web-Video-Streaming-161116.aspx> https://www.streamingmedia.com/Articles/Post/Blog/Codec-Licensing-and-Web-Video-Streaming-161116.aspx>

 

OpenSSL 3.2 Reaches Beta With Client-Side QUIC, Zstd & Brotli Certificate Compression

OpenSSL 3.2 is now available in beta form as the newest forthcoming feature update to this widely-used cryptographic library. OpenSSL 3.2 is introducing initial client side work around QUIC, the general purpose transport layer network protocol that was developed by Google and since adopted by the IETF.

< <https://www.phoronix.com/news/OpenSSL-3.2-Beta> https://www.phoronix.com/news/OpenSSL-3.2-Beta>

 

Das 118. Treffen der IETF findet Anfang November 2023 in Prag (Tschechien) statt [The 118. IETF meeting will take place in Prague (Czech Republic) at the beginning of November 2023]

Das 118. Treffen der IETF startet am 04. November 2023 als Präsenz-Veranstaltung unter dem Titel »IETF 118 Prague« in Prag (Tschechien). Eine Online-Teilnahme ist selbstverständlich möglich.

< <https://domain-recht.de/domain-events/sonstige-events/internettechnik-das-118-treffen-der-ietf-findet-anfang-november-2023-in-prag-tschechien-statt-69137.html> https://domain-recht.de/domain-events/sonstige-events/internettechnik-das-118-treffen-der-ietf-findet-anfang-november-2023-in-prag-tschechien-statt-69137.html>

 

Windows 11 soll automatisch verschlüsselte DNS-Server finden [Windows 11 should automatically find encrypted DNS servers]

... Konkret umgesetzt hat Microsoft das Protokoll zum Auffinden von Resolvern, die durch das Netzwerk selbst per DHCP oder Router-Advertisement-Nachrichten festgelegt werden. Der kurz DNR genannte Standard wird seit einigen Jahren bei der IETF in einer speziellen Arbeitsgruppe erstellt und ist inzwischen von allen Beteiligten zur offiziellen Veröffentlichung vorgesehen. Wann dies geschieht, ist derzeit aber noch nicht bekannt.

< <https://www.golem.de/news/microsoft-windows-11-soll-automatisch-verschluesselte-dns-server-finden-2310-178842.html> https://www.golem.de/news/microsoft-windows-11-soll-automatisch-verschluesselte-dns-server-finden-2310-178842.html>

 

Google gibt Falcon frei: Was bietet das neue Hardware-Transportprotokoll? [Google releases Falcon: What does the new hardware transport log offer?]

... Während Google bisher beispielsweise in der IETF Softwarelösungen auf Protokollebene einbrachte, sieht der Konzern nun in flexiblen Hardwarelösungen einen besseren Ansatz und möchte das Ethernet dafür fit machen. Die Vorschläge hierfür wurden beim diesjährigen OCP Global Summit in San José in das Open Compute Project eingebracht.

< <https://www.heise.de/news/Google-gibt-Falcon-frei-Was-bietet-das-neue-Hardware-Transportprotokoll-9343187.html> https://www.heise.de/news/Google-gibt-Falcon-frei-Was-bietet-das-neue-Hardware-Transportprotokoll-9343187.html>

 

OpenSSL 3.2 Beta: QUIC-Cient und viele Neurungen [OpenSSL 3.2 Beta: QUIC-Cient and many recoveries]

Die kryptografische Bibliothek OpenSSL hat eine neue Betaversion OpenSSL 3.2 veröffentlicht. Diese Version bringt einige interessante Neuerungen, wie die erste Client-Implementierung von QUIC (Quick UDP Internet Connections) aka http/3, das ursprünglich von Google entwickelt und später von der IETF übernommen wurde. OpenSSL möchte die QUIC-Implementierung in den kommenden Updates 3.3 und 3.4 im Laufe des kommenden Jahres abschließen.

< <https://www.pcmasters.de/security/133712554-openssl-3-2-beta-quic-cient-und-viele-neurungen.html> https://www.pcmasters.de/security/133712554-openssl-3-2-beta-quic-cient-und-viele-neurungen.html>

 

Von Whatsapp zu Signal: Warum der Austausch zwischen Messengern nicht so einfach wird [From Whatsapp to Signal: Why the exchange between messengers is not so easy]

... Für den Standard MIMI arbeiten verschiedene große Hersteller in der IETF, kurz IETF, zusammen. Die IETF ist Vermittler zwischen den verschiedenen Stakeholdern in dem Bereich. Die an ihre beteiligten können sich auf einen Standard einigen, allerdings muss dieser dann nicht für alle Marktteilnehmer bindend sein. Offen ist auch, ob die EU einen Standard vorschreibt.

< <https://t3n.de/news/whatsapp-facebook-messenger-signal-austausch-herausforderung-1584845/> https://t3n.de/news/whatsapp-facebook-messenger-signal-austausch-herausforderung-1584845/>

 

Firefox 119 mit verbessertem PDF-Editor [Firefox 119 with improved PDF editor]

... In Bezug auf mehr Sicherheit unterstützt Firefox nun den Encrypted Client Hello (ECH). Dabei handelt es sich um eine neue TLS-Erweiterung. Üblicherweise wird vom Browser bei der Verbindung zu einer Webseite in der Anfangsnachricht deren Name unverschlüsselt übertragen. Diese Lücke soll ECH unter anderem schließen. ECH ist das Ergebnis einer engen, von der IETF geförderten Zusammenarbeit zwischen Akademikern und führenden Unternehmen der Technologiebranche, darunter Cloudflare, Fastly und Mozilla.

< <https://linuxnews.de/firefox-119-mit-verbessertem-pdf-editor/> https://linuxnews.de/firefox-119-mit-verbessertem-pdf-editor/>

 

Firefox 119 commence à déployer la fonctionnalité améliorée Firefox View [Firefox 119 starts deploying the enhanced Firefox View functionality]

... ECH est l'étape la plus récente de la mission de Mozilla visant à construire un meilleur internet, un internet où la vie privée est la norme de l'industrie. Mozilla développe cette nouvelle technologie de protection de la vie privée depuis près d'une demi-décennie en collaboration avec d'autres navigateurs, des fournisseurs d'infrastructure, des chercheurs universitaires et des organismes de normalisation tels que l'IETF.

< <https://web.developpez.com/actu/349940/Firefox-119-commence-a-deployer-la-fonctionnalite-amelioree-Firefox-View-et-renforce-la-confidentialite-ainsi-que-la-securite/> https://web.developpez.com/actu/349940/Firefox-119-commence-a-deployer-la-fonctionnalite-amelioree-Firefox-View-et-renforce-la-confidentialite-ainsi-que-la-securite/>

 

Google anuncia nuevo enfoque para proteger la privacidad en Chrome [Google announces new approach to protecting privacy in Chrome]

... Aunque se han expresado preocupaciones sobre el envío de tráfico del navegador a través de un proxy de Google, este enfoque comparte similitudes con la propuesta Masque de la IETF. Sin embargo, Google no ha especificado una línea de tiempo para probar la Protección de IP ni ha solicitado una revisión de diseño al Grupo de Arquitectura Técnica (TAG) de la W3C.

< <https://metroamericas.com/noticias-2/google-anuncia-nuevo-enfoque-para-proteger-la-privacidad-en-chrome/237742/> https://metroamericas.com/noticias-2/google-anuncia-nuevo-enfoque-para-proteger-la-privacidad-en-chrome/237742/>

 

WebexOne: Cisco predstavlja strategiju veštačke inteligencije za unapređenje rada i saradnje [WebexOne: Cisco presents artificial intelligence strategy to improve work and collaboration]

... Industrija se već jednoj deceniji oslanjala na Opus, audio kodek koji je Internet inženjerski task force (IETF) razvio. Cisco je smatrao da je vreme za preispitivanje tog kodeka, sa fokusom na kvalitet zvuka i video zapisa. „Poslednje dve godine smo tiho radili na novoj generaciji AI kodeka“, objasnio je Khan. „Ovo će biti osnova za mnoge od tih modela za obradu u realnom vremenu.“

< <https://www.infolopare.com/nekategorizovano/cisco-shares-a-three-pronged-ai-strategy-at-webexone/81862/> https://www.infolopare.com/nekategorizovano/cisco-shares-a-three-pronged-ai-strategy-at-webexone/81862/>

 

楽天が公開サーバーにテキスト設置、セキュリティー向上に役立つ「security.txt」 [Rakuten installs text on public servers, "security.txt" to help improve security]

... security.txtは、当該企業が提供する製品やサービスの脆弱性情報を見つけた人が通知する窓口を示すためのファイルだ。インターネット技術の標準化を行う団体IETFが発行する仕様書RFC 9116で規定されている。

< <https://xtech.nikkei.com/atcl/nxt/column/18/00001/08552/> https://xtech.nikkei.com/atcl/nxt/column/18/00001/08552/>

 

**********************

SECURITY & PRIVACY

**********************

Notes from NANOG 89: BGP Error Handling

The original specification of the BGP routing protocol, RFC 1105, from 1989, has the following directive: "NOTIFICATION messages are sent when an error condition is detected. The BGP connection is closed shortly after sending the notification message." Ahh, you might think, that might be a potential problem, but the directive persisted for many years through successive generations of the BGP protocol specification. RFC 4271, from January 2006, still contains the same text.

< <https://www.potaroo.net/ispcol/2023-10/bgp-errors.html> https://www.potaroo.net/ispcol/2023-10/bgp-errors.html>

 

Big mail carriers insist on SPF, DKIM and DANE

The world's biggest e-mail carriers are making more and more use of modern security standards to validate the authenticity of messages and senders.

< <https://www.sidn.nl/en/news-and-blogs/big-mail-carriers-insist-on-spf-dkim-and-dane> https://www.sidn.nl/en/news-and-blogs/big-mail-carriers-insist-on-spf-dkim-and-dane>

 

Taming the Transient While Reconfiguring BGP

Network operators reconfigure their networks daily to adapt to new business relationships, optimize network performance, or perform regular maintenance. Applying such reconfigurations is nerve-racking as they often affect a significant portion of the network traffic.

< <https://www.manrs.org/2023/10/taming-the-transient-while-reconfiguring-bgp/> https://www.manrs.org/2023/10/taming-the-transient-while-reconfiguring-bgp/>

 

**********************

INTERNET OF THINGS

**********************

Value-added services will deliver greater customer experience, new report reveals [news release]

Most broadband service providers plan to introduce technology which automatically directs greater bandwidth and lower latency to the services being used by customers, says a new report.

< <https://www.broadband-forum.org/2023-10-25-value-added-services-will-deliver-greater-customer-experience-new-report-reveals> https://www.broadband-forum.org/2023-10-25-value-added-services-will-deliver-greater-customer-experience-new-report-reveals>

 

‘The Future of the Connected Home: The Rise of Home Applications’ Whitepaper

The whitepaper published by Omdia in conjunction with Broadband Forum and sponsored by Axiros, CommScope, F-Secure, Friendly Technologies, Incognito Software Systems Inc, and Nokia found that most broadband service providers plan to introduce technology which automatically directs greater bandwidth and lower latency to the services being used by customers.

< <https://www.broadband-forum.org/the-future-of-the-connected-home-the-rise-of-home-applications-whitepaper> https://www.broadband-forum.org/the-future-of-the-connected-home-the-rise-of-home-applications-whitepaper>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

The challenges ahead for HTTP/3

If you’ve followed my series of posts on the benefits of HTTP/3 (QUIC) compared to HTTP/2 (TCP), by now you might think that these new protocols seem too good to be true. They improve performance, boost security/privacy, and are the perfect bedrock for future-proof experimentation and improvements in the years to come. Still, the protocols have also gotten plenty of pushback, for several reasons, which I’ll discuss in this final post.

< <https://blog.apnic.net/2023/10/23/the-challenges-ahead-for-http-3/> https://blog.apnic.net/2023/10/23/the-challenges-ahead-for-http-3/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

“Development of internet standards is no longer a purely technical matter”

Human rights and democratic principles must be integral to the technical standards underpinning further development of the internet and new digital technologies. The Dutch government is therefore working to expand the Freedom Online Coalition (FOC), established by the Netherlands in 2011. The intention is to counter the growing influence of non-Western countries over standardisation processes and prevent the abuse of technical applications for mass surveillance or oppression.

< <https://www.sidn.nl/en/news-and-blogs/development-of-internet-standards-is-no-longer-a-purely-technical-matter> https://www.sidn.nl/en/news-and-blogs/development-of-internet-standards-is-no-longer-a-purely-technical-matter>

 

The power of a standards-based operator cloud demonstrated at Network X

The CloudCO demonstration to be led by the Broadband Forum at this year’s Network X will show how network operators can unlock network efficiencies and new service delivery from a disaggregated and virtualized software-defined broadband network.

< <https://www.broadband-forum.org/2023-10-23-the-power-of-a-standards-based-operator-cloud-demonstrated-at-network-x> https://www.broadband-forum.org/2023-10-23-the-power-of-a-standards-based-operator-cloud-demonstrated-at-network-x>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home