Near the end of the old year, a juicy discussion broke out in the “main” IETF mailing list. Although it was ignited by a bizarre proposal of IP version 10, in reality it reflects a general frustration caused by the sluggish pace of IPv6 deployment. John Klensin, one of Internet’s grandfathers, expressed a surprisingly sceptical and self-critical opinion. He means that IPv6 proponents gradually lose on credibility: “[We] spent many years trying to tell people that IPv6 was completely ready, that all transition issues had been sorted out and that deployment would be easy and painless. When those stories became ever more clearly false, we then fell back on claims or threats that failure to deploy IPv6 before assorted events occurred would cause some evil demon to rise up [and] devour them and their networks. Most of those events have now occurred without demonstrable bad effects; …”
This year’s December 5 made it into the history of Czech Internet security by crossing a significant threshold. From this date, in the registry of .cz domains there are more domains with DNSSEC security than those which lack this protocol extension. Information provided by DNS systems of more than 51% (653,297) of .cz domains can now be authenticated to ensure that it was not spoofed on the way to the user.
Last year’s success of our memory game (“pexeso”) during the education project in Ethiopia was repeated this year in another African country, São Tomé and Príncipe located directly on the equator in the middle of the Gulf of Guinea.
A complete specification of the new 1.1 version of the YANG data modelling language was published as RFC 7950 on the last day of August. After a relatively slow start, in the last two years the use of YANG has been steadily increasing not only in the IETF but also in other standard development organisations such as IEEE or BBF, and also in the industry. Nowadays, YANG is regarded as a fundamental tool for secure remote administration of network devices and services. It becomes clear that standard and machine-readable data models of configuration and state data – that is, definition of their structure, data types and semantic rules – are ultimately more important than the concrete management protocol that is used for transmitting and editing the data. Despite some reluctance on the side of equipment vendors who love their proprietary CLIs, especially operators of large and heterogeneous networks have been pressing hard to make the management data as standard and cross-platform as possible.
Among CSIRT/CERT teams in Europe and around the world, the Czech Republic is known for a relatively high number of officially established security teams. Operating mainly within Europe, there is the GÉANT organization, which promotes the development and creation of new security teams through its long-established service Trusted Introducer. It is an initiative that aims to facilitate building of trust between security teams of educational and research institutions, operators, providers and government institutions that, within their address space, deal with security incidents, such as botnets, spam, phishing, open resolvers or more sophisticated incidents . Each team faces very similar, if not identical problems and therefore sharing of experience should be taking place to streamline their work. Withholding important information in this environment, on the other hand, does not usually bring any competitive advantage.
DNSSEC – RFC7646 NTA – RFC5011 TA updates
Last week Prague (and our Association together with the Brocade company) hosted the IETF 93 summit. You might have read about the functioning of this community at Root.cz, in the article (in Czech language only) by Ladislav Lhotka from our labs. The same server wrote (in Czech language only) also about Edward Snowden’s (virtual) participation in the summit.
iced coffee, testing library, starting DNSSEC validation, prefetching queries, namebenching
The Honeynet Project is a nonprofit organization established by Lance Spitzner, which brings together researchers and programmers from around the world. It is engaged in investigating attacks, their monitoring and the development of open-source tools in the field of information security.
In the last year, CZ.NIC prepared for children pairs which include 32 themes connected with computers. While pictures are in every pair the same, their names are at one card in Czech and at the other in English. After the experience when these pairs were of use e.g. within the frame of a leisure-time club of English organized by the House of Youth and Children of Prague 9, I took the purely English variant to the Ethiopian school Halaba where I, as volunteer, teach children to work with computer within the frame of project supported by the Czech development agency.