Rough Guide to IETF 100 – IPv6

In this post for the Internet Society Rough Guide to IETF 100, I’m reviewing what’ll be happening at IETF 100 in Singapore next week.

IPv6 global adoption rates passed 20% shortly after IETF 99, with a number of countries making substantial strides in IPv6 deployment in the past few months. Belgium still leads the way at over 60%, but India has shot up to over 50% which is extremely encouraging in such a large market. Adoption rates also exceed 40% in the United States and Germany, and with most major content and cloud providers now supporting IPv6, there’s a substantial amount of IPv6-related work happening in Singapore. In fact, there’s no less than five IPv6-related working groups on the first day alone.

The IPv6 Operations (v6ops) Working Group is always one of the key groups, and since the last meeting has published two RFCs on Host Address Availability Recommendations (https://tools.ietf.org/html/rfc7934) and Local-Use IPv4/IPv6 Translation Prefix (https://tools.ietf.org/html/rfc8215). The meeting kicks off on Monday afternoon and continues on Thursday morning, starting with a case study on IPv6-only deployment at Cisco.

There are also seven drafts being discussed including 464XLAT Deployment Guidelines for Operator Continue reading

The Internet, Homemade

The following post originally appeared on the APNIC blog.

The Internet can enhance social inclusion and participation and can contribute to economic development. Therefore, it should be a commodity for every citizen, but, as RFC3271 says, ‘it will only be such if we make it so.’

Internet infrastructure and services do not even reach 50% of the global population. The three main issues affecting Internet growth are: not everyone wants or needs it, not everyone has access to it, and not everyone can provide it.

I respect people’s choices with the first issue since the Internet is not a natural thing that we need to sustain or protect ourselves. However, for many, they don’t want or need the Internet because there is a lack of locally relevant content and services or training on how to use it. Metaphorically speaking: Shall I eat the same fast food made far away when I like my local tasty food not offered here?

Without content and services adapted to my local taste and language, it may not be attractive or digestible. At the same time, local access and education are necessary primers to produce such relevant and meaningful content.

The second and third Continue reading

Announcing Four NDSS 2018 Workshops on Binary Analysis, IoT, DNS Privacy, and Security

The Internet Society is excited to announce that four workshops will be held in conjunction with the upcoming Network and Distributed System Security (NDSS) Symposium on 18 February 2018 in San Diego, CA. The workshop topics this year are:

• Binary Analysis Research,
• Decentralized IoT Security and Standards,
• DNS Privacy, and
• Usable Security.

A quick overview of each of the workshops is provided below. Submissions are currently being accepted for emerging research in each of these areas. Watch for the final program details in early January!

The first workshop is a new one this year on Binary Analysis Research (BAR). It is exploring the reinvigorated field of binary code analysis in light of the proliferation of interconnected embedded devices. In recent years there has been a rush to develop binary analysis frameworks. This has occurred in a mostly uncoordinated manner with researchers meeting on an ad-hoc basis or working in obscurity and isolation. As a result, there is little sharing or results and solution reuse among tools. The importance of formalized and properly vetted methods and tools for binary code analysis in order to deal with the scale of growth in these interconnected embedded devices cannot be overstated. Continue reading

Rough Guide to IETF 100: Internet Infrastructure Resilience

As we approach IETF 100 in Singapore next week, this post in the Rough Guide to IETF 100 has much progress to report in the world of Internet Infrastructure Resilience. After several years of hard work, the last major deliverable of the Secure Inter-Domain Routing (SIDR) WG is done – RFC 8205, the BGPSec Protocol Specification, was published in September 2017 as standard. BGPsec is an extension to the Border Gateway Protocol (BGP) that provides security for the path of autonomous systems (ASes) through which a BGP update message propagates.

There are seven RFCs in the suite of BGPsec specifications:

• RFC 8205 (was draft-ietf-sidr-bgpsec-protocol) – BGPsec Protocol Specification
• RFC 8206 (was draft-ietf-sidr-as-migration) – BGPsec Considerations for Autonomous System (AS) Migration
• RFC 8207 (was draft-ietf-sidr-bgpsec-ops) – BGPsec Operational Considerations
• RFC 8208 (was draft-ietf-sidr-bgpsec-algs) – BGPsec Algorithms, Key Formats, and Signature Formats
• RFC 8209 (was draft-ietf-sidr-bgpsec-pki-profiles) – A Profile for BGPsec Router Certificates, Certificate Revocation Lists, and Certification Requests
• RFC 8210 (was draft-ietf-sidr-rpki-rtr-rfc6810-bis) – The Resource Public Key Infrastructure (RPKI) to Router Protocol, Version 1
• RFC 8211 (was draft-ietf-sidr-adverse-actions) – Adverse Actions by a Certification Authority (CA) or Repository Manager in the Resource Public Key Infrastructure (RPKI)

You can read more Continue reading

November 2017 IETF Journal Now Available Online

The November 2017 issue of the IETF Journal is now online at https://www.ietfjournal.org/journal-issues/november-2017/. With IETF 100 in Singapore starting this coming weekend, this is the perfect time to get caught up on what’s been happening in the world of Internet standards lately. (Starting next week, you can also learn more about the Internet Society’s work at IETF 100 via our series of Rough Guide blog posts.)

In this issue, you’ll learn about implementation work taking place in the Human Rights Protocol Considerations Research Group, the latest security updates to Network Time Protocol, new email-related Working Groups JMAP and EXTRA, as well as the important coding work that took place as part of the IETF Hackathon.

Our regular columns from the IETF, IAB, and IRTF chairs and coverage of the Birds-of-a-Feather meetings and presentations from the Applied Networking Research Prize winners wrap up the issue.

There will be print copies available at IETF in Singapore, the email version will hit subscribers’ inboxes in the coming days, and print subscribers will receive their issues shortly thereafter.

This issue marks the final hardcopy version of the IETF Journal. As we explain in “We’re Continue reading

Rough Guide to IETF 100 – Slinging Standards in Singapore

It’s time for the third and final IETF meeting of 2017. Starting on Sunday, 12 November, the Internet Engineering Task Force will be in Singapore for IETF 100, where about 1000 engineers will discuss the latest issues in open internet standards and protocols. All this week, we’re providing our usual Internet Society Rough Guide to the IETF via a series of blog posts on topics of mutual interest:

• Internet of Things (IoT)
• Routing Infrastructure Security Resilience
• IPv6
• DNSSEC, DANE and DNS Security
• Identity, Privacy, and Encryption

All these posts can be found on our blog and will be archived through our Rough Guide to IETF 100 overview page.

Here are some of the activities that the Internet Society is involved in and some of my personal highlights.

IETF Journal

Catch up on highlights from IETF 99 in Prague by reading the IETF Journal. You can read all the articles online at https://www.ietfjournal.org, or pick up a hardcopy in Singapore.

This issue marks the final hardcopy version; starting in 2018, we’ll be shifting our focus to longer-form articles online and via our Twitter and Facebook channels. In the meantime, this issue has articles on the Human Rights Continue reading

I’m Planning to Change the World

Earlier this week, the Internet Society published the booklet Enabling Digital Opportunities in the Middle East. Using research created by the Internet Society, ESCWA, and Wamda, it shows what positive and practical steps can be taken to increase digital opportunity and spread its benefits to all of society. Layal Jebran is one person who’s helping to make a difference.

Layal Jebran is the type of person who can give an interview on the phone while giving directions to her friends while walking through the streets of New York City looking for Thai food. She’s the type of person who can start multiple companies while traveling the world giving motivational speeches and accepting awards. To call the 29-year-old woman, a multitasker would be an understatement. In the startup world, she’s more like a superhero.

“I started as an activist when I was 12 years old,” Jebran said. “And my first startup happened my second year in college.”

That successful startup used the Internet to connect freelance advisers to clients who needed them in the Middle East, but like many entrepreneurs, Jebran didn’t stop there. Lyl Big Designs led to other projects, and she continued developing several different ideas Continue reading

What will it take? Building a future so the Internet brings opportunity to Europe.

Wondering how the Internet will impact your future in Europe? You’re not the only one.

We are only beginning to understand the full value that the Internet can bring to tomorrow’s world.

So how can we make certain the Internet of the tomorrow will help to do things like create jobs, ensure every citizen has access to municipal services, and close the divide between urban and rural areas?

A series of global talks now known as the Internet Society’s Regional Internet Development Dialogues are intended to help answer those questions and more.

The next one is in Brussels, Europe on November 7th 2017 and you’re invited:

Internet of Opportunity: Will the Internet Benefit all Europeans?

By bringing together people from very different backgrounds, these dialogues are meant to create a way for people to hear views and opinions outside of their comfort zone – and also to build understanding and unexpected partnerships.

The full day event, which is open to everyone who feels they have a stake in the Internet’s future, will bring together policy and decision makers, business leaders, and Europeans who want to make sure people can build a prosperous future.

Now is your chance to tell some Continue reading

Some Yubikeys Affected by Infineon Security Weakness

As Robin Wilton discussed a few days ago in Roca: Encryption Vulnerability and What to do About It, yet another security vulnerability has been discovered. If you have one of the ISOC-branded Yubikey 4s that we have given out at some conferences, they were affected by the recently disclosed Infineon vulnerability. See these two links for details:

• https://www.yubico.com/2017/10/infineon-rsa-key-generation-issue/
• https://www.yubico.com/support/security-advisories/ysa-2017-01/

This issue impacts only some limited uses of the keys. For details, see
https://www.yubico.com/keycheck/functionality_assessment.

You can get your ISOC-branded Yubikey 4 replaced at no cost to you by going to this page and following the instructions.

If you have questions or concerns, please contact Steve Olshansky, Internet Technology Program Manager, at <[email protected]>.

The post Some Yubikeys Affected by Infineon Security Weakness appeared first on Internet Society.

RIPE 75: IoT & Routing Security

RIPE 75 was held on 22-26 October 2017 in Dubai, United Arab Emirates, and was the second time the meeting has come to the Middle East. 483 participants from 54 countries including 175 newcomers came together to discuss operational issues and share expertise about the Internet, with a particular focus on the RIPE region that covers Europe, the Middle East and Central Asia.

Jan Žorž and Kevin Meynell from the Deploy360 team, along with Salam Yamout from the Middle East Bureau were also actively involved in the launch of a new Internet-of-Things Working Group, hosting a Routing Security BoF, and raising awareness of IRTF work on Human Rights Protocol Considerations.

The BoF session on ‘Internet Routing Health’ was organised by the Internet Society, and chaired by Jan and Benno Overreinder (NLnet Labs). The BoF attracted 20 participants variously drawn from commercial network operators and cloud providers, Regional Internet Registries (RIRs), and academia, with the aim of discussing ideas for measuring the health of the Internet routing system in order to obtain empirical data to strengthen the case for collaborative routing security.

The IoT session aimed to build on the RIPE IoT Roundtable meeting that was held on 21 September 2017 in Leeds, UK, and Continue reading

ROCA: Encryption vulnerability and what to do about it

Researchers recently discovered a dangerous vulnerability – called ROCA – in cryptographic smartcards, security tokens, and other secure hardware chips manufactured by Infineon Technologies. These articles on Ars Technica and The Register give a good background.

Is this a serious problem?

Yes. It’s serious in practice and in principle. Infineon used a flawed key generation routine, which means those keys are easier to crack, and the routine is used in chips embedded in a wide variety of devices. It’s reckoned that the flawed routine has been in use since 2012 and has probably been used to generate tens of millions of keys. Naturally, many of those keys will have been generated precisely because someone had data or resources that they particularly wanted to secure.

It’s serious because a flawed implementation managed to get through all the development and standardisation processes without being spotted, and has been widely deployed on mass-market devices.

What’s the flaw, and why does it cause a problem?

The flaw affects keys generated for the RSA and OpenPGP algorithms, both of which are public key crypto systems. Public key cryptography is based on pairs of keys, one of which is made public and the other kept private:

• Continue reading

RONOG4 meeting in Bucharest, Romania

The 4th edition of Romanian NOG (RONOG) is being held today, 31 October 2017, in Bucharest, Romania, and as the largest meeting of Internet technology professionals in Romania it is expecting to hit over 170 attendees.

As specified in the meeting agenda, I’ll deliver my talk about NAT64 experiments in the go6lab and also one very useful tool that came out of this testing – NAT64Check. I also have the honour of chairing the IPv6/IOT session.

I’m looking forward to being back in Bucharest and if you happen to be at RONOG4, please come and find me in the hallways as I’m always happy to chat about technology, IPv6, DNSSEC, DANE and everything else that makes our Internet a bit of a better place!

The post RONOG4 meeting in Bucharest, Romania appeared first on Internet Society.

IPv6, Routing Security, and More Coming to ION Belgrade

We’re getting pretty close to ION Belgrade on Thursday, 23 November. This ION will be held alongside the Republic of Serbia Network Operators’ Group (RSNOG). As usual, this ION also has generous support from our ION Conference Series Sponsor Afilias.

This time, we’re doing a half-day program focusing mostly on IPv6, Routing Security and MANRS, and the IETF. Here’s a quick look at the agenda:

• Opening Remarks
• Welcome from the ISOC Serbia Chapter
• MANRS, Routing Security, and Collaboration
• NAT64check
• What’s Happening at the IETF? Internet Standards and How to Get Involved
• Panel Discussion: IPv6 Success Stories
• Closing Remarks

Registration will open two weeks before the event (around 10 November) – watch here for announcements! RSNOG is also planning to livestream the whole event, so even if you can’t be there in person you’ll be able to follow along online. Stay tuned for more information on that in the coming weeks.

Will you be in Belgrade or watching online? Please speak up in the comments below or via our social media channels. Also feel free to follow along using #IONConf!

We hope to see you there, or at another event in the future!

The post IPv6, Routing Security, Continue reading

Nominations Now Open for 2018 ISOC Board of Trustees Election

The ISOC Nominations Committee is now inviting nominations for candidates to serve on the ISOC Board of Trustees.

In this years election cycle one Trustee will be elected by ISOC Organizational Members, one trustee by ISOC Chapters, and two will be selected by the Internet Engineering Task Force.

The Trustee positions are 3-year terms that will begin mid-year 2018 and expire mid-year 2021.

The Board of Trustees provides strategic direction, inspiration, and oversight to advance the Internet Society’s mission of preserving the open, global Internet.

If you or someone you know is interested in serving on the Board, please see the official Call for Nominations, additional information, and links to online nomination forms at www.internetsociety.org/trustees

Nominations close at 15:00 UTC on 15 December 2017.

The post Nominations Now Open for 2018 ISOC Board of Trustees Election appeared first on Internet Society.

Can We Expand the Multistakeholder Model for Internet Governance? A Feasibility Report

What can be done to expand the usage of the multistakeholder model for Internet governance?

Collaborative decision making has been at the heart of how the Internet has grown and developed since its earliest days. Multistakeholder approaches are used across the Internet ecosystem and have helped create the opportunities made possible by the Internet today. But as we outlined in our Global Internet Report 2017, more work is needed to expand the use of multistakeholder processes in order to tackle some of the most pressing challenges facing the future of the Internet.

As I wrote last summer, the Internet Society commissioned a feasibility study on expanding the use of the multistakeholder model for Internet governance , including three focus areas:

• Demonstrating the efficacy of the model
• Capacity building
• Research

I would like to thank Larry Strickling and Grace Abuhamad, who have led this work. Their report is based on interviews with a wide range ICT experts from academia, industry, the technical community, civil society and governments.  It details a possible framework for such an initiative, as well as the resources required. It also makes clear that any new initiative should support and complement existing initiatives such as the Internet Governance Forum Continue reading

Encryption and law enforcement can work together

The Internet Society and Chatham House will be hosting a roundtable of experts to deconstruct the debate on encryption and law enforcement access this week. I am not under any illusion that we will walk away with the solution. This is a complex problem: one that many have tried to solve, often with limited success. However, I am optimistic that the people in the room have the potential to look beyond their own positions, to consider the impact of decisions they may make concerning encryption, and to work together to unite two important societal objectives: the security of infrastructure, devices, data and communications; and the needs of law enforcement.

Perhaps the biggest dilemma facing both law enforcement and companies that provide digital services is – how much encryption is “enough” and who gets to decide?

There is an “encryption dichotomy” in the market: some services are more “law enforcement access friendly” than others. This dichotomy is not new. But, in the last four years, a number of leading tech companies with substantial customers bases have added more encryption and removed their ability to decrypt their customers’ content, to increase the privacy and security of their services. A side-effect of these Continue reading

Hello IPv6, Goodbye CGNs – Recent Discussions at a EU/Europol Meeting

Jan Zorz was recently invited to speak at a workshop held by the Estonian Presidency of the Council of the EU and Europol. Jan gave a well-received talk about how Slovenia widely deployed IPv6 and encouraged EU policymakers and law enforcement officials to do the same across Europe.

Per the press release, the workshop was “to address the increasing problem of non-crime attribution associated with the widespread use of Carrier Grade Network Address Translation (CGN) technologies by companies that provide access to the internet.”

With IPv4 address space depleting, CGNs have been widely implemented to conserve public IPv4 address space. In other words, many customers are sharing a single public IPv4 address that often also changes over time. Problems with sharing IP addresses (and therefore CGNs) are well outlined in RFC 6269: “Such issues include application failures, additional service monitoring complexity, new security vulnerabilities, and so on.”

CGNs also present a problem for law enforcement agencies looking to investigate and prosecute crimes online, as it’s much more difficult to narrow down the culprit. This workshop had several IPv6 experts speak of their experiences, partially on the assertion that IPv6 deployment would eliminate CGNs and once again Continue reading

PNG-IX Network Security Workshop

The Internet Society (Aftab Siddiqui) and APNIC (Tashi Phuntsho) jointly conducted a Network Security Workshop in Port Moresby, Papua New Guinea (PNG) on 3-5 October 2017. This was arranged for current and potential members of the first neutral Internet Exchange Point (IX) in the country called PNG-IX, at the request of NICTA – the National Information and Communications Technology Authority – a government agency responsible for the regulation and licensing of Information Communication Technology (ICT) in Papua New Guinea. NICTA is also a key partner in establishing the Internet Exchange in PNG.

This first half of Day 1 (3 October) was dedicated to the PNG-IX awareness., such the role of an IX, how it works, why an IX has been established in PNG and why everyone should peer in order to achieve both short- and long-term benefits to the local Internet ecosystem. NICTA CEO Charles Punaha, NICTA Director Kila Gulo Vui, and APNIC Development Director Che-Hoo Cheng shared their views  

There were more than 40 participants in the Network Security workshop, with diverse backgrounds ranging from enterprise environments, state universities, financial institutions, telcos and ISPS. The training alumni completed lab work and learned about important security topics such as Continue reading

How Governments Can Be Smart about Artificial Intelligence

The French MP and Fields medal award winner, Cédric Villani, officially auditioned Constance Bommelaer de Leusse, the Internet Society’s Senior Director, Global Internet Policy, last Monday on national strategies for the future of artificial intelligence (AI). In addition, the Internet Society was asked to send written comments, which are reprinted here.

AI is not new, nor is it magic. It’s about algorithms.

“Intelligent” technology is already everywhere – such as spam filters or systems used by banks to monitor unusual activity and detect fraud – and it has been for some time. What is new and creating a lot of interest from governments stems from recent successes in a subfield of AI known as “machine learning,” which has spurred the rapid deployment of AI into new fields and applications. It is the result of a potent mix of data availability, increased computer power and algorithmic innovation that, if Continue reading

RIPE 75 starts in Dubai next week

The RIPE 75 meeting is happening next week in Dubai, United Arab Emirates, and it’s going to be a busy week for the Deploy360 team who are chairing and presenting in several sessions. Both Jan Žorž and Kevin Meynell will be there, along with our colleague Andrei Robachevsky, and we’ll also be reporting on relevant developments as usual.

Just to point out that the MANRS initiative is planning an informal BoF sometime during the week to discuss ideas for measuring the health of the Internet routing system. The aim is to develop some empirical data to strengthen the case for collaborative routing security, although the date and time of the BoF is still to be determined.

The RIPE meeting kicks off on Sunday this time, as that’s the start of the working week in Dubai. Proceedings commence with tutorials on IPv6 Deployment in Cellular networks, an Introduction to DDoS attacks, and one on Decoding the IoT ecosystem. These are followed by a Newcomers’ Introduction if you’re a first timer.

The opening plenary commences at 14.00 GST/UTC+4, and after the introductory pleasantries, one presentation not to miss is from Lee Howard (Retevia) on the State of IPv6-only. There’s also an Continue reading