Category Archives for "Networking"

Deprecating TLS 1.0 and 1.1 on api.cloudflare.com

On June 4, Cloudflare will be dropping support for TLS 1.0 and 1.1 on api.cloudflare.com. Additionally, the dashboard will be moved from www.cloudflare.com/a to dash.cloudflare.com and will require a browser that supports TLS 1.2 or higher.

No changes will be made to customer traffic that is proxied through our network, though you may decide to enforce a minimum version for your own traffic. We will soon expose TLS analytics that indicate the percent of connections to your sites using TLS 1.0-1.3, and controls to set a specific minimum version. Currently, you may enforce version 1.2 or higher using the Require Modern TLS setting.

Prior to June 4, API calls made with TLS 1.0 or 1.1 will have warning messages inserted into responses, and dashboard users will see a banner encouraging them to upgrade their browser. Additional details on these changes and a complete schedule of planned events can be found in the timeline below.

Background

Transport Layer Security (TLS) is the protocol used on the web today to encrypt HTTPS connections. Version 1.0 was standardized almost 20 years ago as the successor to SSL Continue reading

Space To Think My Own Thoughts

Everyone Creates

A challenge for people who make things is living in a world where everyone else makes things, too. On the Internet, everyone seems to be making something they want you to consider and approve of.

Sometimes, that Internet creation is as simple as a tweet or Facebook post. Like it! Share it! Retweet it! More complex creations, like this blog post, are still easy enough to make and share that there are likely hundreds of new articles you might be asked to read in a week.

If you were to carefully keep up with everything you subscribe to or follow, your mind would never have time to itself. You’d never be able to think your own thoughts. You’d be too busy chewing on the thoughts of other people.

Overconsumption

For this reason, I believe constant consumption damages productivity. Designers, architects, artisans, writers, and other creators need time to think through what they are making. Writers need a subject and word flow to clearly communicate. Technology architects need to deeply consider the implications of their designs from multiple angles.

Deep consideration takes contiguous blocks of time. Achieving a flowing state of mind takes uninterrupted time. Thoughts build one on Continue reading

The Week in Internet News: AI Ain’t Gonna Steal My Job

AI on the job: Many U.S. residents believe that artificial intelligence will replace some workers over the next decade or so, but it won’t take theirs, according to a story in the New York Times. But it’s not all doom and gloom, because advances in AI and robotics can actually create more jobs, Tim Johnson, CEO of IT staffing firm Mondo, writes in Forbes.

Fixing the IoT: The U.K. government issued a set of guidelines for Internet-of-things device makers to better secure their products. Among the recommendations: Issue regular software updates, get rid of default passwords, and warn customers promptly about vulnerabilities. Ok, so it’s not rocket science, but it seems that some IoT device makers haven’t done some of these things in the past. Some critics also believe the guidelines lack teeth, according to a story in ITpro.

The Blockchain election: The use of Blockchain technologies could help resolve some continuing problems with voting, according to a story by Bitcoin Magazine run on Nasdaq.com. The use of a Blockchain ledger could address the old “hanging chad” problem from the 2000 U.S. election, and it could bring new privacy and security to elections, according to the Continue reading

Applied Networking Research Workshop (ANRW) Call for Papers Due 20 April

We’re excited to share news of the third edition of the Applied Networking Research Workshop (ANRW2018), which will take place in Montreal, Quebec, on Monday, July 16 at the venue of the Internet Engineering Task Force (IETF) 102 meeting. The workshop program already includes some great invited talks and the Call for Papers is open now, with a deadline of 20 April.

ANRW2018 will provide a forum for researchers, vendors, network operators and the Internet standards community to present and discuss emerging results in applied networking research. The workshop will also create a path for academics to transition research back into IETF standards and protocols, and for academics to find inspiration from topics and open problems addressed at the IETF. Accepted short papers will be published in the ACM Digital Library.

ANRW2018 particularly encourages the submission of results that could form the basis for future engineering work in the IETF, that could change operational Internet practices, that can help better specify Internet protocols, or that could influence further research and experimentation in the Internet Research Task Force (IRTF).

If you have some relevant work and would like to join us in Montreal for the workshop and maybe stick Continue reading

Rough Guide to IETF 101: Internet Infrastructure Resilience

In this post of the Internet Society Rough Guide to IETF 101, I’ll focus on important work the IETF is doing that helps improve security and resilience of the Internet infrastructure.

BGP

What happens if an IXP operator begins maintenance work on the switches without ensuring that BGP sessions between the peers have been shut down? A network disruption and outage. A draft now in the RFC editor queue, “Mitigating Negative Impact of Maintenance through BGP Session Culling”, provides guidance to IXP operators on how to avoid such situations by forcefully tearing down the BGP sessions (session culling) affected by the maintenance before the maintenance activities commence. This approach allows BGP speakers to pre-emptively converge onto alternative paths while the lower layer network’s forwarding plane remains fully operational.

Another draft also in the RFC editor queue, “Graceful BGP session shutdown”, addresses issues related to planned maintenance. The procedures described in this document can be applied to reduce or avoid packet loss for outbound and inbound traffic flows initially forwarded along the peering link to be shut down.  These procedures trigger, in both Autonomous Systems (AS), rerouting to alternate paths if they exist within the Continue reading

Rough Guide to IETF 101: Back to London

Starting next weekend, the Internet Engineering Task Force will be in London for IETF 101, where about 1000 engineers will discuss open internet standards and protocols. The week begins on Saturday, 17 March, with a Hackathon and Code Sprint. The IETF meeting itself begins on Sunday and goes through Friday.

As usual, we’ll write our ‘Rough Guide to the IETF’ blog posts on topics of mutual interest to both the IETF and the Internet Society:

  • Overview of ISOC @ IETF
  • Routing Infrastructure Security Resilience
  • Internet of Things
  • IPv6
  • DNSSEC, DANE and DNS Security
  • Identity, Privacy, and Encryption
  • Community Networks

More information about IETF 101:

Here are some of the activities that the Internet Society is involved in during the week.

IETF Journal

Catch up on the world of the IETF and open Internet standards by reading the IETF Journal. The November issue marked the final printed version; now we plan to share longer-form articles online and via our Twitter and Facebook channels. Our two most recent articles are “Big Changes Ahead for Core Internet Protocols” by Mark Nottingham and “QUIC: Bringing flexibility to the Internet Continue reading

Worth Reading: How to Talk to a C-Level Executive

Ever wondered who manages to produce deja-moo like this one and why they’d do it?

We unveiled a vision to create an intuitive system that anticipates actions, stops security threats in their tracks, and continues to evolve and learn. It will help businesses to unlock new opportunities and solve previously unsolvable challenges in an era of increasing connectivity and distributed technology.

As Erik Dietrich explains in his blog post, it’s usually nothing more than a lame attempt to pretend there are some clothes hanging on the emperor.

Just in case you’re interested: we discussed the state of Intent-Based Majesty’s wardrobe in the Network Automation Use Cases webinar.

Disjoint Path Routing and LP

We are all well aware of the problem space of finding the Shortest Path and the use of Dijkstra’s algorithm. In this blog, we will take a peek at the problem space for Disjoint Path routing, see how it can be reduced to the optimization problem and a few algorithms in that space. So first, let’s […]

CGN, IPv6 and fighting online crime…

Carrier Grade NAT (CGN) is commonly used by network operators as a way of eking out the limited supply of public IPv4 addresses. This is where private IPv4 addresses are allocated to end customers, who in turn also use private IPv4 address ranges on their own Local Area Networks, which means there can be multiple layers of Network Address Translation (NAT) before traffic reaches the publicly addressed Internet.

Whilst CGN offers something of a technical solution to the shortage of public IPv4 addresses, it presents a number of problems for investigating and solving online crime. A CGN environment means that many hundreds of users can be sharing a single public IPv4 address, so that when a crime is committed, tracing the perpetrator is very difficult. Furthermore, sometimes action needs to be taken against a public IPv4 address that’s the origin of particular problems, but this then penalises many hundreds or even thousands of innocent users who may also be sharing that IP address.

Europol, the European Union Agency for Law Enforcement Cooperation, has identified that CGN is an impediment to investigating online crime, and is therefore consulting the Internet community on how network operators can be encouraged to deploy IPv6.