Rough Guide to IETF 101: DNSSEC, DANE, DNS Security and Privacy

It’s going to be a crazy busy week in London next week in the world of DNS security and privacy! As part of our Rough Guide to IETF 101, here’s a quick view on what’s happening in the world of DNS.  (See the full agenda online for everything else.)

IETF 101 Hackathon

As usual, there will be a good-sized “DNS team” at the IETF 101 Hackathon starting tomorrow. The IETF 101 Hackathon wiki outlines the work (scroll down to see it). Major security/privacy projects include:

  • Implementing some of the initial ideas for DNS privacy communication between DNS resolvers and authoritative servers.
  • Implementation and testing of the drafts related to DNS-over-HTTPS (from the new DOH working group).
  • Work on DANE authentication within systems using the DNS Privacy (DPRIVE) mechanisms.

Anyone is welcome to join us for part or all of that event.

Thursday Sponsor Lunch about DNSSEC Root Key Rollover

On Thursday, March 22, at 12:30 UTC, ICANN CTO David Conrad will speak on “Rolling the DNS Root Key Based on Input from Many ICANN Communities“. As the abstract notes, he’ll be talking about how ICANN got to where it is today with the Continue reading

Is NRE The Evolution Of A Network Architect?

While the various concepts behind automation and programmability have trickled into the network space at an exponential rate, enterprises have been left scratching their heads regarding the most effective way to incorporate these ideas into their teams.  Do you send your entire team on a week long Python retreat and assume everyone can immediately start […]

Short-term Internet Shutdown in Bali Tied to Holiday

The Indonesian province of Bali has asked mobile providers to shut down customers’ access to the Internet during Nyepi, a Hindu holiday known as the Day of Silence.

Mobile Internet access will be cut off at 6 a.m. local time Saturday, March 17, and the island’s airport will also close for 24 hours during the New Year celebration. Other Internet access will be available during the holiday, the Bali government said.

Internet advocates oppose shutdowns, saying they can hurt local economies and endanger users who depend on connections to contact emergency and health services. Internet shutdowns cost countries $2.4 billion in 2015, according to a Brookings Institute study.

“In a globally connected world, social and economic freedoms depend on reliable access to the Internet,” Sally Shipman Wentworth, the Internet Society’s vice president of global policy development, wrote in Quartz recently. “The internet is the lifeline to the global economy and each shutdown contributes to a more divided world.”

Without Internet access, many business activities are also disrupted, she said. Digital payments can’t be made, contracts can’t be signed, and data in the cloud can’t be accessed.

Although the Internet outage in Bali is limited, it can Continue reading

Stuff The Internet Says On Scalability For March 16th, 2018

Hey, it's HighScalability time:

 

Hermetic symbolism was an early kind of programming. Symbols explode into layers of other symbols, like a programming language, only the instruction set is the mind.

 

If you like this sort of Stuff then please support me on Patreon. And I'd appreciate if you would recommend my new book—Explain the Cloud Like I'm 10—to anyone who needs to understand the cloud (who doesn't?). I think they'll learn a lot, even if they're already familiar with the basics.

 

  • ~30: AWS services used by iRobot; 450,000: Shopify S3 operations per second; $240: yearly value of your data; ~day: time to load a terabyte from Postgres into BigQuery; 5 million: viewers for top Amazon Prime shows; 130,000: Airbusians move from Microsoft Office to Google Suite; trillion: rows per second processed by MemSQL; 38 million: Apple Music paid members; 4 million: Microsoft git commits for a Windows release; 

  • Quotable Quotes:
    • Stephen Hawking: Although I cannot move and I have to speak through a computer, in my mind I am free.
    • Roger Penrose: Despite [Stephen Hawking] terrible physical circumstance, he almost always remained positive about life. He Continue reading

Rough Guide to IETF 101: Privacy, Identity, and Encryption

It’s that time again! In this post of the Rough Guide to IETF 101, I’ll take a quick look at some of the identity, privacy, and encryption related activities at IETF this coming week. Below a few of the many relevant activities are highlighted, but there is much more going on so be sure to check out the full agenda online.

Encryption

Encryption continues to be a priority of the IETF as well as the security community at large. Related to encryption, there is the TLS working group developing the core specifications, several working groups addressing how to apply the work of the TLS working group to various applications, and the Crypto-Forum Research Group focusing on the details of the underlying cryptographic algorithms.

The Transport Layer Security (TLS) Working Group is a key IETF effort developing core security protocols for the Internet. The big news out of this working group is the IESG approval of the TLS 1.3 specification. There is still some way to go before final publication, but the end is in sight.

There will be two TLS sessions this week. The Monday session will focus primarily on the ongoing discussion of data center operator concerns Continue reading

Weekend reads 031618: Notes on memcache, GDPR and whois, and the end of Symantec certificates

ICANN has consistently said its intention in complying with the European Union’s General Data Protection Regulation (GDPR) is to comply while at the same time maintaining access to the WHOIS domain name registration database “to greatest extent possible.” On February 28, ICANN published its proposed model. —Brian Winterfeldt @CircleID

We previously announced plans to deprecate Chrome’s trust in the Symantec certificate authority (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL). This post outlines how site operators can determine if they’re affected by this deprecation, and if so, what needs to be done and by when. Failure to replace these certificates will result in site breakage in upcoming versions of major browsers, including Chrome. @Google

I’ve been prompted to write this brief opinion piece in response to a recent article posted on CircleID by Tony Rutkowski, where he characterises the IETF as a collection of “crypto zealots”. He offers the view that the IETF is behaving irresponsibly in attempting to place as much of the Internet’s protocols behind session level encryption as it possibly can. He argues that ETSI’s work on middlebox security protocols is a more responsible approach, and the enthusiastic application of TLS in IETF protocol Continue reading

What to do if your cloud provider stops offering its services

What would your organization do if your cloud provider were to go out of business? What happens if your cloud provider suddenly stops offering critical services that your organization requires for its business to function properly? Businesses need to start asking these important questions and develop plans to address these scenarios.The cloud is a new market that continues to grow, and there are more small players offering their services. According to Gartner, Cloud System Infrastructure Services (IaaS) are expected to grow from $45.8 billion in revenue in 2018 to $72.4 billion in 2020. As the market matures, it's only natural that some of these organizations will disappear or stop offering certain services. In 2013, Nirvanix stopped offering it cloud services and gave customers only two weeks’ notice to move their data off of their platform.To read this article in full, please click here

What to do if your cloud provider stops offering its services

What would your organization do if your cloud provider were to go out of business? What happens if your cloud provider suddenly stops offering critical services that your organization requires for its business to function properly? Businesses need to start asking these important questions and develop plans to address these scenarios.The cloud is a new market that continues to grow, and there are more small players offering their services. According to Gartner, Cloud System Infrastructure Services (IaaS) are expected to grow from $45.8 billion in revenue in 2018 to $72.4 billion in 2020. As the market matures, it's only natural that some of these organizations will disappear or stop offering certain services. In 2013, Nirvanix stopped offering it cloud services and gave customers only two weeks’ notice to move their data off of their platform.To read this article in full, please click here

When Redundancy Strikes

Networking and systems professionals preach the value of redundancy. When we tell people to buy something, we really mean “buy two”. And when we say to buy two, we really mean buy four of them. We try to create backup routes, redundant failover paths, and we keep things from being used in a way that creates a single point of disaster. But, what happens when something we’ve worked hard to set up causes us grief?

Built To Survive

The first problem I ran into was one I knew how to solve. I was installing a new Ubiquiti Security Gateway. I knew that as soon as I pulled my old edge router out that I was going to need to reset my cable modem in order to clear the ARP cache. That’s always a thing that needs to happen when you’re installing new equipment. Having done this many times, I knew the shortcut method was to unplug my cable modem for a minute and plug it back in.

What I didn’t know this time was that the little redundant gremlin living in my cable modem was going to give me fits. After fifteen minutes of not getting the system to come Continue reading

CEOs and Encryption: The Questions You Need to Ask Your Experts

Barely a week passes without something in the news that reminds us of the critical role encryption plays in securing our data. It is a technology that protects so much of what we rely on, as individuals protecting our privacy, as companies securing our business assets and transactions, and as governments responsible for critical national infrastructure. 

As a CEO, I needed to know what questions I should be asking my technical experts about encryption and its use, so I asked my staff to produce this paper. I found it to be so useful that I thought we should share it with other executives as they try to understand and manage this complex but indispensable technology.

We believe, at the Internet Society, that encryption is a MUST for protecting what is one of the most valuable assets we manage—data.  We hope this paper can be helpful to you.

— Kathy Brown, CEO, Internet Society

The request Kathy mentions came after the San Bernardino shootings in California (which reinvigorated the debate about third party access to encrypted information), and after a former Director of the UK’s Government Communications Headquarters (GCHQ) had set out his view in these terms:

“Encryption is overwhelmingly Continue reading

Another selling point of bare-metal cloud providers: local service

Several things make bare-metal cloud providers appealing compared with traditional cloud providers, which operate in a virtualized environment. Bare-metal providers give users more control, more access to hardware, more performance, and the ability to pick their own operating environment.There's another interesting angle, as articulated by Martin Blythe, a research fellow with Gartner. He maintains that bare-metal providers appeal to small and mid-sized businesses (SMBs) because those companies are often small, local players, and SMBs looking for something more economical than hosting their own data center often want to keep the data center nearby.To read this article in full, please click here

Another selling point of bare-metal cloud providers: local service

Several things make bare-metal cloud providers appealing compared with traditional cloud providers, which operate in a virtualized environment. Bare-metal providers give users more control, more access to hardware, more performance, and the ability to pick their own operating environment.There's another interesting angle, as articulated by Martin Blythe, a research fellow with Gartner. He maintains that bare-metal providers appeal to small and mid-sized businesses (SMBs) because those companies are often small, local players, and SMBs looking for something more economical than hosting their own data center often want to keep the data center nearby.To read this article in full, please click here

IBM Unwinds Tangled Data for Enterprise AI

These days, organizations are creating and storing massive amounts of data, and in theory this data can be used to drive business decisions through application development, particularly with new techniques such as machine learning. Data is arguably the most important asset, and it is also probably the most difficult thing to manage. Well, excepting people.

Data is tangled mess. It can be structured or unstructured, and it is increasingly scattered in different locations – in on-premises infrastructure, in a public cloud, on a mobile device. It is a challenge to move, thanks to the costs in everything from bandwidth to

IBM Unwinds Tangled Data for Enterprise AI was written by Jeffrey Burt at The Next Platform.

Technology Short Take 96

Welcome to Technology Short Take 96! Ahead, lying in wait, is a unique collection of links, articles, and thoughts about various data center technologies. Browse if you dare…OK, so I’m being a bit melodramatic. It’s still some good stuff here!

Networking

  • Via Matt Oswalt and Michael Bushong, I came across this article on Juniper’s use of P4. Interesting stuff…P4 definitely has the potential to dramatically reshape networking in new ways, in my humble opinion.
  • Maxime Lagresle of XING outlines how they went about troubleshooting an unexplained connection timeout on Kubernetes/Docker.
  • Ajay Chenampara outlines how POAP (Power On Auto Provisioning), a feature of Cisco NX-OS, works to streamline provisioning new network switches.
  • Don Schenck has a high-level overview of Istio and service meshes.
  • Daniel Álvarez has a good article describing some OVN profiling and optimizing he recently performed. I believe the patches he mentioned in the post have already been accepted into the OVN codebase.

Servers/Hardware

Nothing this time around; sorry! If you have some articles you feel are worthy of inclusion in the next Tech Short Take, send them my way!

Security

1 1,686 1,687 1,688 1,689 1,690 3,841