Introducing Certificate Transparency and Nimbus

Introducing Certificate Transparency and Nimbus

Introducing Certificate Transparency and Nimbus

Certificate Transparency (CT) is an ambitious project to help improve security online by bringing accountability to the system that protects HTTPS. Cloudflare is announcing support for this project by introducing two new public-good services:

  • Nimbus: A free and open certificate transparency log
  • Merkle Town: A dashboard for exploring the certificate transparency ecosystem

In this blog post we’ll explain what Certificate Transparency is and how it will become a critical tool for ensuring user safety online. It’s important for website operators and certificate authorities to learn about CT as soon as possible, because participating in CT becomes mandatory in Chrome for all certificates issued after April 2018. We’ll also explain how Nimbus works and how CT uses a structure called a Merkle tree to scale to the point of supporting all trusted certificates on the Internet. For more about Merkle Town, read the [follow up post] by my colleague Patrick Donahue.

Trust and Accountability

Everything we do online requires a baseline level of trust. When you use a browser to visit your bank’s website or your favorite social media site, you expect that the server on the other side of the connection is operated by the organization indicated in Continue reading

Is Patching And Tech Support Bad? A Response

Hopefully, you’ve had a chance to watch this 7 minute video from Greg Ferro about why better patching systems can lead to insecure software. If you haven’t, you should:

Greg is right that moral hazard is introduced because, by definition, the party providing the software is “insured” against the risks of the party using the software. But, I also have a couple of issues with some of the things he said about tech support.

Are You Ready For The Enterprise

I’ve been working with some Ubiquiti access points recently. So far, I really enjoy them and I’m interested to see where their product is going. After doing some research, the most common issue with them seems to be their tech support offerings. A couple of Reddit users even posted in a thread that the lack of true enterprise tech support is the key that is keeping Ubiquiti from reaching real enterprise status.

Think about all the products that you’ve used over the last couple of years that offered some other kind of support aside from phone or rapid response. Maybe it was a chat window on the site. Maybe it was an asynchronous email system. Hell, if you’ve ever installed Continue reading

IDG Contributor Network: Stay smart as you approach the edge

Fundamental to harnessing the full potential of the Internet of Things (IoT) is the need for decisions to be made in real time, and it’s in addressing this that discussions have turned to the subject of edge computing over recent years.Before the data generated by myriad of connected IoT devices is sent to the centralized cloud, edge computing sees it stored and processed locally, in distributed micro-clouds at the edge of the network, closer to where the devices are placed, and the data produced. Doing so cuts down on the need for data traffic to be back-hauled to and from a remote data center, thus making it ideal for supporting the real time data delivery required by the IoT.To read this article in full, please click here

IDG Contributor Network: Stay smart as you approach the edge

Fundamental to harnessing the full potential of the Internet of Things (IoT) is the need for decisions to be made in real time, and it’s in addressing this that discussions have turned to the subject of edge computing over recent years.Before the data generated by myriad of connected IoT devices is sent to the centralized cloud, edge computing sees it stored and processed locally, in distributed micro-clouds at the edge of the network, closer to where the devices are placed, and the data produced. Doing so cuts down on the need for data traffic to be back-hauled to and from a remote data center, thus making it ideal for supporting the real time data delivery required by the IoT.To read this article in full, please click here

IDG Contributor Network: Stay smart as you approach the edge

Fundamental to harnessing the full potential of the Internet of Things (IoT) is the need for decisions to be made in real time, and it’s in addressing this that discussions have turned to the subject of edge computing over recent years.Before the data generated by myriad of connected IoT devices is sent to the centralized cloud, edge computing sees it stored and processed locally, in distributed micro-clouds at the edge of the network, closer to where the devices are placed, and the data produced. Doing so cuts down on the need for data traffic to be back-hauled to and from a remote data center, thus making it ideal for supporting the real time data delivery required by the IoT.To read this article in full, please click here

Edinburgh: 139th Cloudflare city

Edinburgh: 139th Cloudflare city

Edinburgh: 139th Cloudflare city

Our newest data center in Edinburgh expands our current total to 139 cities globally with a Cloudflare deployment. It also brings our UK total to 3 cities, after London and Manchester.

The city

Edinburgh is the capital of Scotland, located in the Lothian region. It has been recognised as the capital since the 15th century, and is the home of the Scottish government, parliament and supreme courts. It is a city of many hills, with important landmarks such as Edinburgh Castle being built at the top of a hill.

Edinburgh: 139th Cloudflare city
Photo by Nicola Gadler / Unsplash

Culture

One of the most famous events held each year in Edinburgh is the Fringe Festival, which is reported to be the world's largest arts festival. Many famous comedians have made their big break at this very festival.

Building a community

The internet community in the UK is very well established, but mostly concentrated on London and Manchester, with a heavy emphasis on London. By deploying in Edinburgh we're encouraging ISPs to regionalise their traffic, away from just London. We're connected to IXScotland, and are actively seeking to peer with other connected networks, to help build the peering community.

Regional expansion

Can Continue reading

Presentation and Video: Real-Life Automation Wins

The networking engineers attending the Building Network Automation Solutions online course created numerous amazing automation solutions, most of them already deployed in production networks.

I described some of them in my Troopers 2018 Real-Life Automation Wins talk. The presentation is online and the video has been published on YouTube a few days ago. I hope you’ll find it as inspirational as the Troopers attendees did.

Did you create an awesome automation solution? I’d like to hear about it!

This blog post was initially sent to the subscribers of my SDN and Network Automation mailing list. Subscribe here.

IETF 101, Día 5: Todo claro, verdad?

Esta semana tiene lugar el IETF 101 en Londres. El Equipo de Tecnología de Internet de ISOC te trae entradas diarias de blog que destacan los temas de interés.

A NOTAR: Si no puedes asistir al IETF 101 personalmente, hay muchas posibilidades de participar a distancia

Homenet comienza a 09.30 GMT/UTC. Homenet en este momento tiene el perfil  Babel del protocolo de enrutamiento. Otros borradores incluidos son: Simple Homenet Naming and Service Discovery ArchitectureOutsourcing Home Network Authoritative Naming Service, y DHCPv6 Options for Homenet Naming Architecture.

Para saber más haz clic aquí

The post IETF 101, Día 5: Todo claro, verdad? appeared first on Internet Society.

IETF 101, Day 5: All Sorted, Innit?

This week is IETF 101 in London, and we’ve been bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. Friday is only a half-day, but there’s still a couple of interesting sessions to wrap-up the week.

NOTE: If you are unable to attend IETF 101 in person, there are multiple ways to participate remotely.

Homenet starts at 09.30 GMT/UTC, and has the Homenet profile of the Babel routing protocol currently in IETF Last Call. Other drafts being discussed include the Simple Homenet Naming and Service Discovery ArchitectureOutsourcing Home Network Authoritative Naming Service, and DHCPv6 Options for Homenet Naming Architecture.

The remainder of the agenda will be a discussion about Homenet security in relation to the home perimeter, HNCP and Babel, as well as appropriate trust models and how to establish trust.

ROLL continues from where it left off on Thursday morning, also starting at 09.30 GMT/UTC. There are several drafts being discussed dealing with the issues of routing over resource constrained networks where limited updates are possible.

So that brings the IETF in London to a close, and hopefully we’ve also given you a bit of an Continue reading

Cebu City, Philippines: Cloudflare’s 138th Data Center

Cebu City, Philippines: Cloudflare's 138th Data Center

Cebu City, Philippines: Cloudflare's 138th Data Center

Cebu City, the second most populous metro area, but oldest city in the Philippines is the home of Cloudflare’s newest Data Center.

Located centrally in the Philippines, Cebu has had a long standing tradition of trade and business activity, the word itself “Cebu” meaning trade. It’s central location brings excellent coverage to central and southern Philippines, while our existing location in Manila, serving the Manila Metro and northern Philippines.

Cebu City, Philippines: Cloudflare's 138th Data Center
Photo by Zany Jadraque / Unsplash

Cebu’s history covers hundreds of years, with rich local culture and international influence dating back from the first Spanish visitors to modern trade and shipping. One of the more popular dishes is Lechon.

Cebu has infamous white sand beaches, in-between making millions of websites and applications faster and more secure for the Philippine internet users, we hope our servers can get some excellent R&R on the famous beaches.

Cisco, Verizon take Information-Centric Networking for a real-world spin

Cisco and Verizon teamed up recently to show off the content-aware technology they say will seriously improve the performance and security of networks of the future, including 5G wireless and IoT environments.Cisco has long been a proponent of the technology known as Information Centric Networking (ICN), which lets applications request data by a name that is based on its content rather than its location (IP address). [ Find out how 5G wireless could change networking as we know it and how to deal with networking IoT. | Get regularly scheduled insights by signing up for Network World newsletters. ] Cisco says that by using such technology the network can locate and retrieve data dynamically from any source – an important feature for future mobile and IoT environments.  As for improving security, Cisco says the technology secures and authenticates the data itself, rather than setting up point-to-point connections to authenticated hosts.To read this article in full, please click here

OCP Summit 2018

Network telemetry was a popular topic at the recent OCP U.S. Summit 2018 in San Jose, California, with an entire afternoon track of the two day conference devoted to the subject. Videos of the talks should soon be posted on the conference web site.

The following articles on this blog cover related topics:
In addition, there were a couple of live sFlow telemetry demonstration in the conference exhibit hall.
The first was a demonstration of leaf and spine fabric visibility using white box switches running the open source Linux Foundation OpenSwitch network operating system. OpenSwitch describes how the open source Host sFlow agent enables standard sFlow instrumentation in merchant silicon based white box switches using OpenSwitch Control Plane Services (CPS), which in turn programs the silicon using the OCP Switch Abstraction Interface (SAI).

The rack in the booth contains a two spine, five leaf network. Each of the switches in the network Continue reading

How Many Bandwidths Does An SD-WAN Need? – Video

Note: This article was first published at Packet Pushers.net on March 5, 2018   I was preparing for a podcast and started comparing the complexity of a private vs. public WAN. I doodled some diagrams and realized that using Internet bandwidth for SD-WAN to replace private bandwidth is actually simpler. Perhaps because the familiar is always […]
1 1,655 1,656 1,657 1,658 1,659 3,820