How do RFC3161 timestamps work?
RFC3161 exists to demonstrate that a particular piece of information existed at a certain time, by relying on a timestamp attestation from a trusted 3rd party. It's the cryptographic analog of relying on the date found on a postmark or a notary public's stamp.How does it work? Let's timestamp some data and rip things apart as we go.
First, we'll create a document and have a brief look at it. The document will be one million bytes of random data:
$ dd if=/dev/urandom of=data bs=1000000 count=1
1+0 records in
1+0 records out
1000000 bytes transferred in 0.039391 secs (25386637 bytes/sec)
$ ls -l data
-rw-r--r-- 1 chris staff 1000000 Dec 21 14:10 data
$ shasum data
3de9de784b327c5ecec656bfbdcfc726d0f62137 data
$
Next, we'll create a timestamp request based on that data. The -cert option asks the timestamp authority (TSA) to include their identity (certificate chain) in their reply and -no_nonce omits anti-replay protection from the request. Without specifying that option we'd include a large random number in the request.
$ openssl ts -query -cert -no_nonce < data | hexdump -C
Using configuration from /opt/local/etc/openssl/openssl.cnf
00000000 30 29 02 01 01 30 21 30 09 06 05 2b 0e 03 Continue readingThe Saga of T-Mobile US and Sprint’s Quest to Merge
While there have been many twists and turns in the 20 months since the deal was announced, the...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
First Half 2019 Transparency Report and an Update on a Warrant Canary
Today, we are releasing Cloudflare’s transparency report for the first half of 2019. We recognize the importance of keeping the reports current, but It’s taken us a little longer than usual to put it together. We have a few notable updates.
Pulling a warrant canary
Since we issued our very first transparency report in 2014, we’ve maintained a number of commitments - known as warrant canaries - about what actions we will take and how we will respond to certain types of law enforcement requests. We supplemented those initial commitments earlier this year, so that our current warrant canaries state that Cloudflare has never:
- Turned over our encryption or authentication keys or our customers' encryption or authentication keys to anyone.
- Installed any law enforcement software or equipment anywhere on our network.
- Terminated a customer or taken down content due to political pressure*
- Provided any law enforcement organization a feed of our customers' content transiting our network.
- Modified customer content at the request of law enforcement or another third party.
- Modified the intended destination of DNS responses at the request of law enforcement or another third party.
- Weakened, compromised, or subverted any of its encryption at the request of law Continue reading
Is VMware Winning the Cloud Wars?
In its most recent quarter VMware saw hybrid cloud and SaaS representing more than 13% of its total...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
NTT DoCoMo Trials Homegrown 5G RAN
Japan has a long history of designing and building its own radio access network (RAN) equipment for...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Nvidia’s Mellanox Deal Gains EU Stamp
Nvidia's $6.9 billion quest to acquire Mellanox inched a little closer to completion after the...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Microsoft, Ericsson Connect Clouds to Connect Cars
The collaboration will provide a “a comprehensive connected vehicle platform at scale to the...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Stop SIS – Self-Inflicted Spam
Last month I ran across a great blog post by Jed Casey (@WaxTrax) about letting go of the digital hoard that he had slowly been collecting over the years. It’s not easy to declare bankruptcy because you’ve hit your limit of things that you can learn and process. Jed’s focus in the article is that whatever he was going to try and come up with was probably out of date or past its prime. But it got me to thinking about a little project that I’ve been working on over the past few months.
Incoming!
One of the easy ways to stay on top of things in the industry is to sign up for updates. A digest email here and a notification there about new posts or conversations is a great way to stay in-the-know about information or the latest, greatest thing. But before you know it you’re going to find yourself swamped with incoming emails and notifications.
I’ve noticed it quite a bit in my inbox this year. What was once a message that I would read to catch up became a message I would scan for content. That then became a message that I skipped past Continue reading
Weekly Wrap: Fortinet Leapfrogs Cisco With 21,000 SD-WAN Customers
SDxCentral Weekly Wrap for Dec. 30, 2019: The SD-WAN space has become a numbers game; Google Cloud...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Deutsche Welle Spotlights Tanzania’s Kondoa Community Network
Nearly half of the world lacks Internet access. But in rural Africa, the number is much higher: 86% of people are unconnected, with fewer women having access than men.
Deutsche Welle, Germany’s public broadcaster, shares the story of the Kondoa Community Network, a joint project of the Internet Society Tanzania Chapter and the University of Dodoma, that’s helping to close the digital divide. It’s connecting schools and community centers – and making a difference to young women.
Want to hear more?
Last year, Deutsche Welle profiled three additional community networks in Zimbabwe, the Republic of Georgia, and South Africa. Read about the community networks and listen to their stories!
The Internet is for everyone. Learn more about community networks and join the global movement to help close the digital divide!
Images ©Internet Society/Nyani Quarmyne/Panos Pictures
The post Deutsche Welle Spotlights Tanzania’s Kondoa Community Network appeared first on Internet Society.
Last year review and resolutions for 2020
As the end of the year approaches, it is time to make a review of the past year and see what I would like to do, what I must do, and what I can improve in 2020. In brief, here’s my last year review and resolutions for 2020. 2019 Review New position This year was really intense for me; not only did I change company, but I also changed my main technology as a network engineer. I went from being a consultant in enterprise networking, doing routing, switching, wireless and…
The post Last year review and resolutions for 2020 appeared first on AboutNetworks.net.
Heavy Networking 496: Packet Pushers 2019 Live Audience Q&A
The Packet Pushers hosted a livestream Q&A where a panel of commentators answered live audience questions. Topics covered include Cisco's new ASIC, whether multi-cloud will get its own hypervisor, a new Cisco certification path, and more.
The post Heavy Networking 496: Packet Pushers 2019 Live Audience Q&A appeared first on Packet Pushers.
F5 Buys Shape for $1B to Dominate Application Security
Shape boasts that it protects more accounts from fraud than everyone else combined. Its customers...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Enforcing Network Security Policies with GitOps – Part 1
“How do I enable GitOps for my network security policies?” This is a common question we hear from security teams. Getting started with Kubernetes is relatively simple, but moving production workloads to Kubernetes requires alignment from all stakeholders – developers, platform engineering, network engineering, and security.
Most security teams already have a high-level security blueprint for their data centers. The challenge is in implementing that in the context of a Kubernetes cluster and workload security. Network policy is a key element of Kubernetes security. Network policy is expressed as a YAML configuration and works very well with GitOps.
We will do a three-part blog series covering GitOps for network security policies. In part one (this part), we cover the overview and getting started with a working example tutorial. In part two, we will extend the tutorial to cover an enterprise-wide decentralized security architecture. In the final part, we will delve into policy assurance with examples.
Note that all policies in Calico Enterprise (network security policy, RBAC, threat detection, logging configuration, etc.) are enforced as YAML configuration files, and can be enforced via a GitOps practice.
By adopting GitOps, security teams benefit in the following ways:
- Take your policies Continue reading
VMware, CenturyLink, 128 Unveil Holiday SD-WAN Deals
Those receiving SD-WAN gifts include Hughes Networks, Braskem, and Impulse Advanced...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Instana Gifts Itself a Triple Acquisition
Instana CEO Mirko Novakovic said the acquisitions advance the company's vision to "accelerate...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
An Update on CDNJS
When you loaded this blog, a file was delivered to your browser called jquery-3.2.1.min.js. jQuery is a library which makes it easier to build websites, and was at one point included on as many as 74.1% of all websites. A full eighteen million sites include jQuery and other libraries using one of the most popular tools on Earth: CDNJS. Beginning about a month ago Cloudflare began to take a more active role in the operation of CDNJS. This post is here to tell you more about CDNJS’ history and explain why we are helping to manage CDNJS.
What CDNJS Does
Virtually every site is composed of not just the code written by its developers, but also dozens or hundreds of libraries. These libraries make it possible for websites to extend what a web browser can do on its own. For example, libraries can allow a site to include powerful data visualizations, respond to user input, or even get more performant.
These libraries created wondrous and magical new capabilities for web browsers, but they can also cause the size of a site to explode. Particularly a decade ago, connections were not always fast enough Continue reading
EU Set to Green-Light Nvidia’s $6.9B Mellanox Acquisition
The deal will likely receive an unconditional approval from EU antitrust regulators, according to...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Ampere Teases Next-Gen Chip, Teams Up With Nokia at the Edge
These chips, designed for cloud and edge computing, use TSMC’s 7nm technology and have 80...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.